Re: What seeds CeGenRandom?
From: Don Dumitru [MSFT] (dondu_at_online.microsoft.com)
Date: 08/30/04
- Next message: Sajid: "[Q]: DisableThreadLibraryCalls"
- Previous message: saradhi: "Re: NMAKE : U1073: don't know how to make 'RomImage' ?????"
- In reply to: bsqr_TSAT: "Re: What seeds CeGenRandom?"
- Next in thread: bsqr_TSAT: "Re: What seeds CeGenRandom?"
- Reply: bsqr_TSAT: "Re: What seeds CeGenRandom?"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 29 Aug 2004 23:55:58 -0700
On Windows CE, CryptGenRandom uses CeGenRandom, and then pushes those bits
through a cryptographic hash algorithm. CryptGenRandom is not going to be
more random than CeGenRandom, because the output of CeGenRandom is what
seeds CryptGenRandom.
In Windows CE 5.0, CeGenRandom is seeded from...
- 64 bits of "noise" from the kernel level, which gets updated on task
switches
- the output from IOCTL_HAL_GET_RANDOM_SEED
- the output from IOCTL_HAL_GET_HWENTROPY
- the output from GetLocalTime
- the current process ID
- the current thread ID
- the current tick count
- the output from GetMessagePos
- the output from GlobalMemoryStatus
- the output from GetStoreInformation
(I don't have easy access to information about the implemention on earlier
versions of Windows CE.)
Early in the boot process, CeGenRandom is not very random, because there
just hasn't been an opportunity for it to collect any entropy. We are
actively investigating what we can do to increase the quality of the random
number generation, early in the boot process.
I am on the team responsible for CeGenRandom and CryptGenRandom, and I
invite you to send me an email directly (remove the "online" from my posted
emal address), to discuss what tact your might take. With suitable entropy,
CenGenRandom is a reasonable-quality generator, but the trick is getting it
to seed well - the IOCTL_HAL_GET_RANDOM_SEED mechanism lets an OEM provide
their own seed, but what are you going to seed it with?
(In addition, if you aren't on Windows CE 5.0, let me know what version you
are on, and I can investigate the older source trees.)
--Don
-- This posting is provided "AS IS" with no warranties, and confers no rights. "bsqr_TSAT" <TSatagaj at hotmail dot com> wrote in message news:eJmpEMHjEHA.2580@TK2MSFTNGP10.phx.gbl... > Thanks for the post George. > We're trying to generate a random # very early in a very deterministic > boot > process. Right now, the cryptography services aren't available. > CeGenRandom seems to work (whereas Random doesn't), but I would like to > know > exactly what is being used to generate the number. > > > > "George McCollister" <georgem@novatech-llc.com> wrote in message > news:%23OAkuVFjEHA.3944@tk2msftngp13.phx.gbl... >> bsqr_TSAT wrote: >> > Does anyone know what seeds the CeGenRandom() function? >> > >> > >> >> Do you not have access to CryptGenRandom? CryptGenRandom is FIPS 140-1 >> approved (at least in Windows 2000). The Windows 2000 version of the >> function (which hopefully isn't too different from the CE version) seeds >> from 100+ different inputs including: QueryPerformanceCounter, internal >> CPU counters, current time, process information like idle process time, >> io read transfer count, etc.... >> >> I would suspect that CeGenRandom uses a similar (but probably much >> smaller) list of inputs. Its probably suitable for nearly everything >> except encryption purposes. >> >> Regards, >> George McCollister >> NovaTech LLC > >
- Next message: Sajid: "[Q]: DisableThreadLibraryCalls"
- Previous message: saradhi: "Re: NMAKE : U1073: don't know how to make 'RomImage' ?????"
- In reply to: bsqr_TSAT: "Re: What seeds CeGenRandom?"
- Next in thread: bsqr_TSAT: "Re: What seeds CeGenRandom?"
- Reply: bsqr_TSAT: "Re: What seeds CeGenRandom?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
|
