CryptGenRandom

CryptGenRandom is a cryptographically secure pseudorandom number generator function that is included in Microsoft CryptoAPI. In Win32 programs, Microsoft recommended its use anywhere random number generation is needed (it has since been replaced by BCryptGenRandom, see below). The kernel32 equivalent is RtlGenRandom.

A 2007 paper from Hebrew University suggested security problems in the Windows 2000 implementation of CryptGenRandom (assuming the attacker has control of the machine). Microsoft later acknowledged that the same problems exist in Windows XP, but not in Vista. Microsoft released a fix for the bug with Windows XP Service Pack 3 in mid-2008.

CryptGenRandom is deprecated as it belongs to the deprecated Windows CryptoAPI. The modern Cryptography API: Next Generation (CNG) replacement is BCryptGenRandom (and the underlying functions ProcessPrng and SystemPrng).

This article is issued from Wikipedia. The text is available under Creative Commons Attribution-Share Alike 4.0 unless otherwise noted. Additional terms may apply for the media files.