iOS 7's weak random number generator stuns kernel security – claim

In an effort to improve iDevice security, Apple replaced its internal random number generator between iOS 6 and iOS 7 – but a security researcher believes Cupertino inadvertently downgraded security. The issue is outlined here by Azimuth Security, whose Tarjei Mandt also detailed the issue at last week's CanSecWest conference …

COMMENTS

This topic is closed for new posts.


  1. heenow

    Jerktastic (Yeah That's You Mandt)

    I guess that the fact this has never been an issue or exploited means you should expose it worldwide. Have any of you ever heard of ethics?

    Apparently not.

  2. Michael Wojcik

    Oh for the love of...

    uses what's called a linear congruential generator (LCG) to provide entropy for the PRNG

    No, no, no. An LCG, or any other deterministic algorithm,[1] cannot provide entropy. A deterministic algorithm can discard information entropy; it cannot produce it.

    In a CPRNG, the PRNG schedules and whitens entropy - it doles it out, mixing it in with a bunch of internal state and a (hopefully) trapdoor function[2] so that it's infeasible for an observer to distill enough of the entropy to accurately simulate the CPRNG.

    Apple's mistake (assuming the article is otherwise accurate) is in using an LCRNG rather than a trapdoor function, and probably in exposing too much internal state, which in effect means exposing too much entropy. Whether they're gathering enough (or indeed any) entropy in the first place, and whether they're adding entropy to the pool as required, are other questions.

    On the other hand, the post from Tim 11 above suggests this is an application error - this generator perhaps is not intended for CPRNG use.

    [1] That is, any computable function (if the C-T thesis is correct), or at least any function computable by a Turing Machine or equivalent (Post Machine, 2PDA, etc). "Algorithm" can reasonably be used for some non-computable processes which may or may not be deterministic.

    [2] That is, a function which is much easier to compute than its inverse is, assuming P ≠ NP.
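The two points in the comment above, that a deterministic generator cannot add entropy and that an LCG discloses its whole state in every output while a hash-whitened pool does not, shown in Python. This is an added illustration, not code from the article, Azimuth's write-up or iOS; the LCG parameters and the SHA-256 "whitening" are constructed toys.

```python
import hashlib

# Toy LCG parameters (constructed, glibc-style; not Apple's generator).
A, C, M = 1103515245, 12345, 2 ** 31


def lcg_stream(seed, n):
    """Return n outputs of the toy LCG. Each output is the entire internal
    state, so every value the generator emits discloses its state."""
    out, state = [], seed % M
    for _ in range(n):
        state = (A * state + C) % M
        out.append(state)
    return out


def continue_lcg_from_output(observed, n):
    """Why an LCG fails as a CPRNG: a single observed output is the state,
    so the next n outputs follow from it with no further information."""
    return lcg_stream(observed, n)


def whitened_stream(seed_bytes, n):
    """Toy CPRNG-style output scheduling (constructed, not any real design).
    The pool is only ever exposed through a one-way hash: each output is
    hash(pool, counter) and the pool is ratcheted by hashing, so no output
    equals the state and the whole pool is never handed to an observer."""
    pool = hashlib.sha256(b"seed:" + seed_bytes).digest()
    out = []
    for i in range(n):
        out.append(hashlib.sha256(b"out:" + pool + i.to_bytes(4, "big")).digest())
        pool = hashlib.sha256(b"ratchet:" + pool).digest()  # one-way state update
    return out


def distinct_streams(seed_bits, n=4):
    """Entropy is not created by mixing: a generator seeded from seed_bits
    bits of entropy can yield at most 2**seed_bits distinct output streams,
    however elaborate its arithmetic. Counted here for the toy LCG."""
    return len({tuple(lcg_stream(s, n)) for s in range(2 ** seed_bits)})


if __name__ == "__main__":
    s = lcg_stream(12345, 5)
    print("LCG outputs:", s)
    print("continued from first output:", continue_lcg_from_output(s[0], 4))
    print("streams from a 6-bit seed:", distinct_streams(6))
    print("whitened output:", whitened_stream(b"constructed seed", 1)[0].hex())
```

Whitening does not fix a thin entropy supply: `distinct_streams` would give the same bound for the hashed pool, which is the commenter's separate question of whether enough entropy is gathered at all.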
