How good is SecRandomCopyBytes?

Question

I\'m principally interested in the implementation of SecRandomCopyBytes on iOS, if it differs from the OS X implementation. (I would presume that i

Answer 1

1. According to the iOS documentation, SecRandomCopyBytes is just a wrapper for the /dev/random PRNG. On most implementations of Unix, this file is a blocking PRNG; however, according to this page and the documentation, /dev/random on OSX/iOS actually functions like /dev/urandom in most other Unix implementations in that it does not ever block.

2. Since it does not block, you should be able to quickly determine the rate it generates random numbers using a simple test.

3. /dev/random is supposed to try to get entropy from as many sources as possible. Thus, it is entirely reasonable to believe that on iOS it uses the radio and accelerometer as sources of entropy; however, I cannot find any sources for this, and the documentation only states that it comes from "the random jitter measurements of the kernel".

4. It appears that the iPhone is currently in the process of being FIPS 140-2 validated.