I'm principally interested in the implementation of SecRandomCopyBytes on iOS, if it differs from the OS X implementation. (I presume that it does, since a mobile device has more, and more readily available, sources of entropy than a desktop computer.)
Does anyone have information on:
- Where SecRandomCopyBytes gets entropy from?
- At what rate it can generate random numbers?
- Will it block, or fail, if not enough entropy is available?
- Is it FIPS 140-2 compliant, or has it been included in any other official certification?
The documentation does not cover these points.
I've been able to find hearsay comments that it uses information from radios, compass, accelerometers and other sources, but no quotes from people representing Apple.
/dev/random is fed by entropy from the SecurityServer. SecurityServer is collecting entropy from kernel event tracking (kdebug). The method is described in the book "Mac OS X Internals: A Systems Approach". You can read about it online, for example at http://flylib.com/books/en/3.126.1.73/1/
The source code for the entropy collecting is here: http://www.opensource.apple.com/source/securityd/securityd-40600/src/entropy.cpp
In xnu-1504.9.37 (the latest version for OS X as of writing), the kernel entropy buffer is filled in kernel_debug_internal(), using timing information. This is the place where the entropy buffer is written to.

    if (entropy_flag && (kdebug_enable & KDEBUG_ENABLE_ENTROPY)) {
        if (kd_entropy_indx < kd_entropy_count) {
            kd_entropy_buffer[kd_entropy_indx] = mach_absolute_time();
            kd_entropy_indx++;
        }

        if (kd_entropy_indx == kd_entropy_count) {
            /*
             * Disable entropy collection
             */
            kdebug_enable &= ~KDEBUG_ENABLE_ENTROPY;
            kdebug_slowcheck &= ~SLOW_ENTROPY;
        }
    }
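
A userspace C model of the fill-once behaviour in the excerpt above, added here as an illustration and not taken from XNU or from the original answer; the struct, function names, flag value and timestamps are constructed for the example. It shows that events arriving after the buffer fills are dropped, and that closely spaced timestamps differ only in their low-order bits.

```c
#include <stdint.h>
#include <stdio.h>
#define ENABLE_ENTROPY 0x1u              /* stands in for KDEBUG_ENABLE_ENTROPY */
struct entropy_buf {
    uint64_t *samples;                   /* caller-supplied storage */
    unsigned count, indx, enable;        /* capacity, next slot, flag word */
};

/* One call per traced event; returns 1 if the timestamp was stored. */
static int record_event(struct entropy_buf *b, uint64_t now)
{
    int stored = 0;
    if (!(b->enable & ENABLE_ENTROPY))
        return 0;                        /* collection already switched off */
    if (b->indx < b->count) {
        b->samples[b->indx++] = now;
        stored = 1;
    }
    if (b->indx == b->count)
        b->enable &= ~ENABLE_ENTROPY;    /* buffer full: disable collection */
    return stored;
}

/* Bit positions that differ anywhere across the stored samples: an upper
 * bound on how many bits of each 64-bit timestamp can be unpredictable. */
static unsigned varying_bits(const struct entropy_buf *b)
{
    uint64_t diff = 0; unsigned n = 0;
    for (unsigned i = 1; i < b->indx; i++)
        diff |= b->samples[i] ^ b->samples[0];
    for (; diff; diff &= diff - 1)       /* count set bits */
        n++;
    return n;
}
/* Constructed timestamps: a large tick counter advancing in small steps. */
static const uint64_t ticks[6] = {
    0x0000123456780010ULL, 0x0000123456780013ULL, 0x000012345678001AULL,
    0x000012345678001CULL, 0x0000123456780031ULL, 0x0000123456780040ULL };

int main(void)
{
    uint64_t store[4];
    struct entropy_buf b = { store, 4, 0, ENABLE_ENTROPY };
    unsigned kept = 0;
    for (unsigned i = 0; i < 6; i++)
        kept += (unsigned)record_event(&b, ticks[i]);
    printf("kept %u of 6 events; %u of 64 bits vary\n", kept, varying_bits(&b));
    return 0;
}
```

With the constructed input, four of the six events are kept and only 4 of the 64 bits vary across them, which is why raw timestamp samples are normally conditioned before being used as random output.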