Support of Ivy Bridge's RDRAND in /dev/random OS X 10.9.4

As far as I know, Intel has a library for RDRAND instruction

But does the OS X kernel really use it for the /dev/random device (like Linux does, at least for /dev/hwrng)?


According to man 4 random:

The random device implements the Yarrow pseudo random number generator algorithm and maintains its entropy pool. Additional entropy is fed to the generator regularly by the SecurityServer daemon from random jitter measurements of the kernel. SecurityServer is also responsible for periodically saving some entropy to disk and reloading it during startup to provide entropy in early system operation.

As a side note, /dev/urandom is the same as /dev/random in OSX (also in man 4 random):

/dev/urandom is a compatibility nod to Linux.

The Yarrow pseudo random number generator uses "entropy harvesting" from normal activities such as mouse movement or keyboard input to generate random numbers. FreeBSD has an implementation that you can read to see how the Yarrow pseudo random number generator is implemented in practice.

However, you are asking if OSX is or isn't using RDRAND instructions in its implementation, but since OSX is closed source we can only rely on what they tell us and I cannot find anywhere that mentions what libraries OSX uses to make its random numbers.

It seems that you want a guarantee (like most of us) that the numbers given by /dev/random will actually be cryptographically secure so when we make DSA or RSA keys we know that nobody besides the intended audience can gain access. Unfortunately, regardless of whatever you could find about how OSX is supposed to generate its random numbers we could never verify it, since we do not have the source.

As so very nicely put in the linux source 3.13.0:

The arch-specific hw RNG will almost certainly be faster than what we can do in software, but it is impossible to verify that it is implemented securely (as opposed, to, say, the AES encryption of a sequence number using a key known by the NSA). So it's useful if we need the speed, but only if we're willing to trust the hardware manufacturer not to have put in a back door.

If you want to read how it is actually done in Linux when not relying on the hardware read root/drivers/char/random.c in the source code. The comments are surprisingly helpful to see what is going on and give you a complete picture of the theory behind it all.

All in all, if you want a better guarantee that your random numbers are cryptographically secure, I would recommend either getting your random numbers from an online true random number generator or using Linux to make your keys (to which you can also add input from a true random number generator).
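The point made in the quoted Linux comment, that a hardware RNG is only safe to use if it is mixed into a software entropy pool rather than trusted on its own, can be illustrated with a small model. The code below is an added example, not part of the question or answer above and not Linux's or Apple's code; the "hardware" source is a constructed stand-in that uses HMAC-SHA256 of a counter in place of the AES-of-a-counter design the comment describes.

```python
import hashlib
import hmac
import os


class BackdooredHwRng:
    """Constructed model of the scenario in the quoted Linux comment: a
    'hardware RNG' whose output is really a keyed function of a counter
    (HMAC-SHA256 here instead of AES). Anyone holding `key` can reproduce
    its entire output stream, so on its own it offers no secrecy."""

    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            msg = self.counter.to_bytes(8, "big")
            out += hmac.new(self.key, msg, hashlib.sha256).digest()
            self.counter += 1
        return out[:n]


def mix(pool_entropy: bytes, hw_bytes: bytes) -> bytes:
    """Hash-based combiner, the role random.c's pool plays for RDRAND
    output: the result is predictable only to someone who knows *both*
    inputs, so a backdoored hardware source cannot by itself weaken the
    output as long as the software pool holds real entropy."""
    data = b"pool:" + pool_entropy + b"|hw:" + hw_bytes
    return hashlib.sha256(data).digest()


def attacker_predicts_hw(key: bytes, n: int) -> bytes:
    # The key holder simply runs the same function from the same counter.
    return BackdooredHwRng(key).read(n)


def demo():
    key = b"constructed-vendor-secret"          # assumed known to the attacker
    hw = BackdooredHwRng(key)
    hw_out = hw.read(32)                         # what RDRAND would hand over
    pool = os.urandom(32)                        # stands in for Yarrow's harvested entropy
    mixed = mix(pool, hw_out)
    # Same hardware bytes, but a different (unknown) pool state gives a different result.
    mixed_other_pool = mix(os.urandom(32), hw_out)
    return hw_out, attacker_predicts_hw(key, 32), mixed, mixed_other_pool
```

Running demo() shows the attacker reproducing the hardware stream exactly while the mixed output still depends on pool bytes they never saw.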