Yarrow

Note: Yarrow is no longer being supported.

Designed by Bruce Schneier and John Kelsey - Result of several years' research - Renders information security systems far less vulnerable - Unpatented and royalty-free - No license required

Yarrow paper
Questions and Answers about Yarrow
Source code
Note: the source code implements an older version of Yarrow, not the one specified in the paper.

About Yarrow

What's a PRNG? It's a mechanism for generating random numbers on a computer. They're called pseudorandom, because you can't get truly random numbers from a completely non-random thing like a computer. In theory, true random numbers only come from truly random sources: atmospheric noise, radioactive decay, political press announcements. If a computer generates the number, another computer can reproduce the process.

A PRNG is the unsexy part of a cryptographic system. People don't think much about them, but they're used just about everywhere in cryptography. Random numbers are in session keys, initialization vectors, public-key generation, and many other places. If the random numbers are insecure, then the entire application is insecure. Algorithms and protocols can't cover for bad random numbers. When a couple of Berkeley students broke the security on Netscape Navigator, it was the PRNG they broke. (See attacks on PRNGs.)

Yarrow is a PRNG; it generates cryptographically secure pseudorandom numbers on a computer. It can also be used as a real random number generator, accepting random inputs from analog random sources. We wrote Yarrow because after analyzing existing PRNGs and breaking our share of them, we wanted to build something secure.

Yarrow is superior to the past ad hoc PRNGs that have been easily compromised. Counterpane is releasing Yarrow copyright-free, at no charge, in the public domain for general business use.

Yarrow in the Media

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.