## Questions & Answers about Yarrow

#### What is Yarrow?

Yarrow is a high-performance, high-security, pseudo-random number generator (PRNG) for Windows, Windows NT, and UNIX. It can provide random numbers for a variety of cryptographic applications: encryption, signatures, integrity, etc.

#### Why is a PRNG important?

PRNGs are used everywhere in cryptography. In fact, it is hard to imagine a well-designed cryptographic application that doesn't use random numbers. Random numbers are used to generate session keys, initialization vectors, salts to be hashed with passwords, unique parameters in digital signature operations, random initialization for public-key generation, and nonces in different protocols. If the random numbers in any of these applications are insecure, than the entire application is insecure. Algorithms and protocols can't cover for bad random numbers.

#### What's wrong with all the other PRNGs?

Over the years, Counterpane Systems has broken proprietary PRNGs for clients. Recently, we published the first extensive cryptanalysis of PRNGs at Fast Software Encryption 98. (Copies of the paper can be found at: http://www.schneier.com/paper-prngs.html.) In the paper, we analyzed the PRNGs in X9.17, DSA, RSAREF, and CryptoLib. We found that these PRNGs are not secure for all applications. We have also analyzed PRNGs similar to the one found in PGP, and will publish that work in a future paper. We believe that current PRNG design is simply ad hoc, without any strong security arguments or analysis.

#### Why did we write Yarrow?

We wrote Yarrow because we wanted to build a secure PRNG based on the research we have done.

#### Why is Yarrow free?

No one would use Yarrow if it were not free. We have worked with enough cryptographic products and security companies to know what can and cannot be sold. No one would pay money to use Yarrow as long as they believed they could do nearly as well for free. If Yarrow is ever to be widely used, it must be free.

#### Is Yarrow exportable?

Yes. Yarrow is not an encryption algorithm, and thus not subject to the U.S. export regulations on encryption. Of course, if someone uses Yarrow to build an encryption product, that product may not be exportable.

#### Where did the name Yarrow come from?

Yarrow is a plant: a flowering perennial with distinctive flat flowerheads and lacy leaves. Yarrow stalks have been used for divination in China since the Hsia dynasty, in the second millenium B.C. The fortuneteller would divide a set of 50 stalks into piles, then repeatedly use modulo arithmetic to generate two random bits. Yarrow stalks are still used for fortunetelling in China, but with a greatly simplified method: shake a container of 100 numbered yarrow stalks until one stalk comes out.

up to Yarrow

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.