CryptGenRandom

From Wikipedia, the free encyclopedia

CryptGenRandom is a random number generator function that is included in Microsoft's Cryptographic Application Programming Interface. Microsoft recommends its use in all software where security is an issue.

Method of operation

All Microsoft-provided cryptography providers share the same implementation of CryptGenRandom, currently based on an internal function called RtlGenRandom.[1] Only a general outline of the algorithm has been published as of 2006:

[RtlGenRandom] generates as specified in FIPS 186-2 appendix 3.1 with SHA-1 as the G function. And with entropy from:

  • The current process ID (GetCurrentProcessID).
  • The current thread ID (GetCurrentThreadID).
  • The tick count since boot time (GetTickCount).
  • The current time (GetLocalTime).
  • Various high-precision performance counters (QueryPerformanceCounter).
  • An MD4 hash of the user's environment block, which includes username, computer name, and search path. [...]
  • High-precision internal CPU counters, such as RDTSC, RDMSR, RDPMC
[omitted: long lists of low-level system information fields and performance counters]

Source: Writing Secure Code, Second Edition. ISBN 0-7356-1722-8. 

The exact algorithm has not been published, so independent researchers cannot peer-review it or evaluate its effectiveness. Theoretical weaknesses include the use of outdated algorithms (such as MD4) and the reliance, for entropy gathering, on several monotonically increasing counters that an attacker with local access to the machine might estimate or, to an extent, control.
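The FIPS 186-2 construction named in the outline above, as an added sketch (not Microsoft's code, whose exact algorithm is unpublished): it runs the Appendix 3.1 state update with G built from the SHA-1 compression function, and shows that the output stream is fully determined by the seed key, which is why the quality of the entropy inputs matters. All function and class names are assumptions of this example, b is fixed at 160 bits, and the `mod q` reduction of Appendix 3.1 is left out because no DSA modulus is involved.

```python
import struct

SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
M32 = 0xFFFFFFFF

def rol(x, n):
    return ((x << n) | (x >> (32 - n))) & M32

def sha1_compress(state, block):
    """One SHA-1 compression step over a 64-byte block (no padding added)."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(rol(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = state
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        a, b, c, d, e = (rol(a, 5) + f + e + k + w[i]) & M32, a, rol(b, 30), c, d
    return tuple((s + v) & M32 for s, v in zip(state, (a, b, c, d, e)))

def G(t, c):
    """G(t, c): SHA-1 step with initial value t on c zero-padded to 512 bits."""
    block = c.to_bytes(20, "big").ljust(64, b"\x00")
    return int.from_bytes(struct.pack(">5I", *sha1_compress(t, block)), "big")

class Fips186Generator:
    """Appendix 3.1 loop with b = 160; the 'mod q' step is omitted (assumption)."""
    def __init__(self, xkey):
        self.xkey = xkey % (1 << 160)                  # secret seed-key state

    def next_block(self, xseed=0):
        xval = (self.xkey + xseed) % (1 << 160)        # XVAL = XKEY + XSEED_j
        x = G(SHA1_IV, xval)                           # x_j = G(t, XVAL)
        self.xkey = (1 + self.xkey + x) % (1 << 160)   # XKEY = 1 + XKEY + x_j
        return x.to_bytes(20, "big")

def same_seed_same_stream(seed, n=4):
    """Two instances with one XKEY emit identical blocks: secrecy rests on the seed."""
    g1, g2 = Fips186Generator(seed), Fips186Generator(seed)
    return all(g1.next_block() == g2.next_block() for _ in range(n))

if __name__ == "__main__":
    print(same_seed_same_stream(0x1234))  # constructed sample seed
```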
