I'm trying to understand if the XNU underpinnings of macOS (BSD) still use the Yarrow cryptographically secure pseudorandom number generator?
I have looked through the source and it seems as if they switched to a DRBG NIST generator?
There are very few references to Yarrow in the 10.14 XNU code compared with older versions of the kernel, but 10.14 still contains this string in key.c:
/* Our PRNG is based on Yarrow and doesn't need to be seeded */
That said, if you look at older XNU, Yarrow is littered everywhere.
Source code for XNU:
Lots of Yarrow references in XNU 2782 – macOS 10.11
Very few Yarrow references in XNU 4903 – macOS 10.14
So, are Apple still using Yarrow?
I ask because Yarrow is only capable of generating 160-bit strong keys.
Best Answer
Yarrow is gone.
The kernel CPRNG is a Fortuna-derived design targeting a 256-bit security level.
https://support.apple.com/en-ie/guide/security/seca0c73a75b/1/web/1
Ok! So I mailed Craig Federighi recently about this, concerned that macOS wasn't capable of generating >128-bit quality keys.
He responded!
What a legend.
So yup, macOS and iOS are both capable of generating 256-bit entropy and creating quality CS keys for both ECC and symmetric key crypto.
EDIT: Apple confirmed the kernel CPRNG is a Fortuna-derived design targeting a 256-bit security level.