Randomness on Apple Platforms (2024)
- #cryptography
- #random-number-generation
- #apple-platforms
- A tour of the best ways to obtain randomness on Apple platforms, starting with deprecated APIs like rand(3) and moving to more robust options.
- arc4random(3) is recommended over older functions, wrapping corecrypto's ccrng for high-quality random bytes and uniform distribution.
- /dev/random and /dev/urandom are identical on Apple platforms, with getentropy(2) offering a more direct and resilient interface.
- SecRandomCopyBytes from Security.framework and CCRandomGenerateBytes from Common Crypto both ultimately rely on corecrypto's ccrng.
- For non-security-critical use cases, seeding a fast custom RNG with CCRandomGenerateBytes is sufficient, while security-critical tasks should use CCRandomGenerateBytes directly.
- The kernel's random number generator is seeded by the Secure Enclave's hardware TRNG, layered with AES and Fortuna for robustness.
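
The split between the two use cases in the list above, as an added C example that is not code from the original article: security-critical bytes come straight from CCRandomGenerateBytes, while a fast non-cryptographic generator is only seeded from it and then draws bounded values by rejection sampling. The names `os_random` and `fast_rng_*` and the choice of xoshiro256** as the fast generator are assumptions of this example; off Apple platforms it falls back to getentropy(2) so it still builds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#ifdef __APPLE__
#include <CommonCrypto/CommonRandom.h>
#else
#include <sys/random.h> /* getentropy(2): stand-in off Apple platforms */
#endif

/* Fill buf from the OS CSPRNG. Returns 0 on success, -1 on failure. */
static int os_random(void *buf, size_t len) {
#ifdef __APPLE__
    return CCRandomGenerateBytes(buf, len) == kCCSuccess ? 0 : -1;
#else
    for (unsigned char *p = buf; len > 0;) { /* getentropy caps a call at 256 bytes */
        size_t n = len < 256 ? len : 256;
        if (getentropy(p, n) != 0) return -1;
        p += n; len -= n;
    }
    return 0;
#endif
}
/* Hypothetical fast generator (xoshiro256**): never for keys, tokens or nonces. */
typedef struct { uint64_t s[4]; } fast_rng;
static uint64_t rotl(uint64_t x, int k) { return (x << k) | (x >> (64 - k)); }
static int fast_rng_seed(fast_rng *r) {
    do { /* an all-zero state is invalid for xoshiro, so redraw it */
        if (os_random(r->s, sizeof r->s) != 0) return -1;
    } while ((r->s[0] | r->s[1] | r->s[2] | r->s[3]) == 0);
    return 0;
}
static uint64_t fast_rng_next(fast_rng *r) {
    uint64_t *s = r->s, result = rotl(s[1] * 5, 7) * 9, t = s[1] << 17;
    s[2] ^= s[0]; s[3] ^= s[1]; s[1] ^= s[2]; s[0] ^= s[3];
    s[2] ^= t; s[3] = rotl(s[3], 45);
    return result;
}
/* Uniform value in [0, bound): rejection sampling avoids modulo bias. */
static uint64_t fast_rng_uniform(fast_rng *r, uint64_t bound) {
    if (bound < 2) return 0;
    uint64_t min = -bound % bound, x; /* 2^64 mod bound */
    do { x = fast_rng_next(r); } while (x < min);
    return x % bound;
}
int main(void) {
    fast_rng r; unsigned char key[32]; /* key material: straight from the OS */
    if (fast_rng_seed(&r) != 0 || os_random(key, sizeof key) != 0) return 1;
    printf("simulated die roll: %llu\n", (unsigned long long)fast_rng_uniform(&r, 6) + 1);
    return 0;
}
```

A failed seed or key read is returned to the caller rather than masked with a fallback source, so a weak seed never goes unnoticed.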