# Crypto: Random bit generator



## kavitakr (Oct 29, 2020)

I see in the FreeBSD pages that the PRNG/DRBG algorithms currently supported are Fortuna and Yarrow (deprecated from FreeBSD 12.0).
Are the HMAC_DRBG/Hash_DRBG algorithms supported in FreeBSD?

Also, are DRBGs (Deterministic Random Bit Generators) such as /dev/hwrandom or /dev/hwrng not present in FreeBSD?


----------



## a6h (Oct 29, 2020)

I did a grep in /usr/src for you. Here's the STFW version of it:
https://svnweb.freebsd.org/base/head/contrib/bearssl/src/rand/aesctr_drbg.c?view=markup
https://svnweb.freebsd.org/base/head/contrib/bearssl/src/rand/hmac_drbg.c?view=markup
https://svnweb.freebsd.org/base/head/crypto/openssl/crypto/rand/drbg_ctr.c?view=markup
https://svnweb.freebsd.org/base/head/crypto/openssl/crypto/rand/drbg_lib.c?view=markup
https://svnweb.freebsd.org/base/head/crypto/openssl/include/openssl/rand_drbg.h?view=markup

Additional information from FreeBSD Developers' Handbook.
PS. You can download a copy of it from download.freebsd.org or read it online: FreeBSD Developers' Handbook

Q: What's contrib/ subdirectories?
A: Source for files from contributed software.

Q: What's crypto/ subdirectories?
A: Cryptographical sources.

Q: What's BearSSL?
A: Quote from bearssl.org: BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C.

Q: What's OpenSSL?
A: Quote from openssl.org: OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.

Q: What's the difference between the two?
A: BearSSL Goals


----------



## kavitakr (Oct 30, 2020)

I see Fortuna as the default now; before FreeBSD 10.4 the Yarrow algorithm was enabled by default.

```
kern.random.fortuna.minpoolsize: 64
kern.random.harvest.mask_symbolic: [UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,NET_ETHER,NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED
kern.random.harvest.mask_bin: 00111111111
kern.random.harvest.mask:
```


----------
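An added example, not part of the thread or of FreeBSD's own code: a shell function that decodes the `kern.random.harvest.*` lines from the last post into a list of enabled and disabled entropy sources and checks that the two lines agree. It assumes that a name in square brackets is a disabled source and that `mask_bin` carries one bit per name in the same order, which matches the output above (two bracketed names, two leading zeros); `harvest_report` and `SAMPLE` are names made up for this example.

```shell
#!/bin/sh
# Added example: decode the kern.random.harvest.* lines shown in the thread.
# Assumption: a name in [brackets] in mask_symbolic is a disabled source, and
# mask_bin holds one bit per name in the same left-to-right order.

# Constructed sample input, copied from the sysctl output in the post above.
SAMPLE='kern.random.harvest.mask_symbolic: [UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,NET_ETHER,NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED
kern.random.harvest.mask_bin: 00111111111'

# harvest_report TEXT: print "enabled NAME" / "disabled NAME" per source.
# Returns 0 if both lines agree, 1 on a mismatch, 2 if a line is missing.
harvest_report() {
    sym=$(printf '%s\n' "$1" | sed -n 's/^kern\.random\.harvest\.mask_symbolic: *//p')
    bin=$(printf '%s\n' "$1" | sed -n 's/^kern\.random\.harvest\.mask_bin: *//p')
    [ -n "$sym" ] && [ -n "$bin" ] || { echo "missing sysctl lines" >&2; return 2; }

    # Split on commas with globbing off, so "[UMA]" is never treated as a
    # filename pattern and expanded against the current directory.
    old_ifs=$IFS; IFS=,; set -f
    set -- $sym
    set +f; IFS=$old_ifs

    [ "$#" -eq "${#bin}" ] || { echo "name/bit count mismatch" >&2; return 1; }

    rc=0
    for name in "$@"; do
        bit=${bin%"${bin#?}"}      # first remaining bit
        bin=${bin#?}               # drop it for the next name
        case $name in
            \[*\]) state=disabled; want=0; name=${name#\[}; name=${name%\]} ;;
            *)     state=enabled;  want=1 ;;
        esac
        [ "$bit" = "$want" ] || { echo "bit disagrees for $name" >&2; rc=1; }
        echo "$state $name"
    done
    return $rc
}

harvest_report "$SAMPLE"
```

On a FreeBSD host the same function can be fed live output with `harvest_report "$(sysctl kern.random.harvest)"`.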

