How good is SecRandomCopyBytes?
Question
I'm principally interested in the implementation of SecRandomCopyBytes on iOS, if it differs from the OS X implementation. (I would presume that it does, since a mobile device has more and more readily available sources of entropy than a desktop computer.)
Does anyone have information on:
- Where does SecRandomCopyBytes get entropy from?
- At what rate can it generate good random numbers?
- Will it block, or fail immediately if not enough entropy is available?
- Is it FIPS 140-2 compliant, or has it been included in any other official certification?
The documentation does not cover these points.
I've only been able to find hearsay comments that it uses information from radios, the compass, accelerometers and other sources, but no quotes from people actually representing Apple.
Recommended answer
/dev/random is fed by entropy from the SecurityServer. SecurityServer collects entropy from the kernel event tracking (kdebug). The method is described in the book "Mac OS X Internals. A Systems Approach". You can read about it online, for example at http://flylib.com/books/en/3.126.1.73/1/
The source code for the entropy collection is here: http://www.opensource.apple.com/source/securityd/securityd-40600/src/entropy.cpp
In xnu-1504.9.37 (latest version for OS X as of writing), the kernel entropy buffer is filled in kernel_debug_internal(), using only timing information. This is the only place that the entropy buffer is written to.
    if (entropy_flag && (kdebug_enable & KDEBUG_ENABLE_ENTROPY)) {
        if (kd_entropy_indx < kd_entropy_count) {
            kd_entropy_buffer[kd_entropy_indx] = mach_absolute_time();
            kd_entropy_indx++;
        }
        if (kd_entropy_indx == kd_entropy_count) {
            /*
             * Disable entropy collection
             */
            kdebug_enable &= ~KDEBUG_ENABLE_ENTROPY;
            kdebug_slowcheck &= ~SLOW_ENTROPY;
        }
    }
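The collector shown in the answer, as an added example that is not part of the original answer or of xnu: a userspace C model that stores one timestamp per event until the buffer is full, then counts how many bits actually vary across the stored samples and across their deltas. The buffer size of 8, the starting tick count, the event offsets and all helper names are constructed for illustration; the varying-bit count is only an upper bound on the entropy per sample.

```c
/* Added example: userspace model of the collector above; not xnu code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KD_ENTROPY_COUNT 8            /* assumed buffer size for the demo */
#define T0 0x00005A3C12000000ULL      /* constructed starting tick count */

static uint64_t kd_entropy_buffer[KD_ENTROPY_COUNT];
static size_t kd_entropy_indx;
static int entropy_enabled = 1;       /* stands in for KDEBUG_ENABLE_ENTROPY */

/* Mirrors the kernel logic: one timestamp per event, disable when full. */
void collect(uint64_t now) {
    if (!entropy_enabled) return;
    if (kd_entropy_indx < KD_ENTROPY_COUNT)
        kd_entropy_buffer[kd_entropy_indx++] = now;
    if (kd_entropy_indx == KD_ENTROPY_COUNT)
        entropy_enabled = 0;
}

/* Bits that take more than one value across v[0..n-1]; the rest are constant. */
uint64_t varying_mask(const uint64_t *v, size_t n) {
    uint64_t mask = 0;
    for (size_t i = 1; i < n; i++) mask |= v[i] ^ v[0];
    return mask;
}

int count_set_bits(uint64_t x) { int c = 0; for (; x; x &= x - 1) c++; return c; }

/* Feed constructed event times, then measure raw samples and their deltas. */
void analyse(int *raw_bits, int *jitter_bits) {
    static const uint64_t offs[] = {0, 1203, 2401, 3611, 4812, 6007, 7214, 8413, 9600};
    uint64_t delta[KD_ENTROPY_COUNT - 1];
    kd_entropy_indx = 0; entropy_enabled = 1;
    for (size_t i = 0; i < sizeof offs / sizeof offs[0]; i++)
        collect(T0 + offs[i]);        /* the 9th event is dropped: buffer is full */
    for (size_t i = 1; i < KD_ENTROPY_COUNT; i++)
        delta[i - 1] = kd_entropy_buffer[i] - kd_entropy_buffer[i - 1];
    *raw_bits = count_set_bits(varying_mask(kd_entropy_buffer, KD_ENTROPY_COUNT));
    *jitter_bits = count_set_bits(varying_mask(delta, KD_ENTROPY_COUNT - 1));
}

int main(void) {
    int raw, jit;
    analyse(&raw, &jit);
    printf("varying bits: raw=%d of 64, delta jitter=%d\n", raw, jit);
    return 0;
}
```

With the constructed input, 14 of the 64 stored bits vary and only 5 bits vary in the deltas, so a consumer of such a buffer cannot credit anything close to 64 bits per timestamp.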