Re: What seeds CeGenRandom?
From: bsqr_TSAT (TSatagaj)
Date: 08/31/04
- Next message: Aaron Cheng: "RE: PlaySound LNK2019"
- Previous message: Michael Fosmire [MSFT]: "ANN: Reminder: Windows CE chat tomorrow"
- In reply to: Don Dumitru [MSFT]: "Re: What seeds CeGenRandom?"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 30 Aug 2004 17:14:47 -0700
Thanks for the input Don.
That's exactly what I was looking for.
I'm building this for CE4.2.
I didn't code it yet, but I'm pretty sure that I know what I will do.
>From OEMInit(), we start the system timer and a couple of other timers.
I think that I can read values from the h/w countdown registers, mangle them
together, and create a good random seed of 4 or 5 bytes.
Thanks again for your info
"Don Dumitru [MSFT]" <dondu@online.microsoft.com> wrote in message
news:eyN1W5ljEHA.1136@tk2msftngp13.phx.gbl...
> On Windows CE, CryptGenRandom uses CeGenRandom, and then pushes those bits
> through a cryptographic hash algorithm. CryptGenRandom is not going to be
> more random than CeGenRandom, because the output of CeGenRandom is what
> seeds CryptGenRandom.
>
> In Windows CE 5.0, CeGenRandom is seeded from...
> - 64 bits of "noise" from the kernel level, which gets updated on task
> switches
> - the output from IOCTL_HAL_GET_RANDOM_SEED
> - the output from IOCTL_HAL_GET_HWENTROPY
> - the output from GetLocalTime
> - the current process ID
> - the current thread ID
> - the current tick count
> - the output from GetMessagePos
> - the output from GlobalMemoryStatus
> - the output from GetStoreInformation
> (I don't have easy access to information about the implemention on earlier
> versions of Windows CE.)
>
> Early in the boot process, CeGenRandom is not very random, because there
> just hasn't been an opportunity for it to collect any entropy. We are
> actively investigating what we can do to increase the quality of the
random
> number generation, early in the boot process.
>
> I am on the team responsible for CeGenRandom and CryptGenRandom, and I
> invite you to send me an email directly (remove the "online" from my
posted
> emal address), to discuss what tact your might take. With suitable
entropy,
> CenGenRandom is a reasonable-quality generator, but the trick is getting
it
> to seed well - the IOCTL_HAL_GET_RANDOM_SEED mechanism lets an OEM provide
> their own seed, but what are you going to seed it with?
>
> (In addition, if you aren't on Windows CE 5.0, let me know what version
you
> are on, and I can investigate the older source trees.)
>
> --Don
>
> --
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>
> "bsqr_TSAT" <TSatagaj at hotmail dot com> wrote in message
> news:eJmpEMHjEHA.2580@TK2MSFTNGP10.phx.gbl...
> > Thanks for the post George.
> > We're trying to generate a random # very early in a very deterministic
> > boot
> > process. Right now, the cryptography services aren't available.
> > CeGenRandom seems to work (whereas Random doesn't), but I would like to
> > know
> > exactly what is being used to generate the number.
> >
> >
> >
> > "George McCollister" <georgem@novatech-llc.com> wrote in message
> > news:%23OAkuVFjEHA.3944@tk2msftngp13.phx.gbl...
> >> bsqr_TSAT wrote:
> >> > Does anyone know what seeds the CeGenRandom() function?
> >> >
> >> >
> >>
> >> Do you not have access to CryptGenRandom? CryptGenRandom is FIPS 140-1
> >> approved (at least in Windows 2000). The Windows 2000 version of the
> >> function (which hopefully isn't too different from the CE version)
seeds
> >> from 100+ different inputs including: QueryPerformanceCounter, internal
> >> CPU counters, current time, process information like idle process time,
> >> io read transfer count, etc....
> >>
> >> I would suspect that CeGenRandom uses a similar (but probably much
> >> smaller) list of inputs. Its probably suitable for nearly everything
> >> except encryption purposes.
> >>
> >> Regards,
> >> George McCollister
> >> NovaTech LLC
> >
> >
>
>
- Next message: Aaron Cheng: "RE: PlaySound LNK2019"
- Previous message: Michael Fosmire [MSFT]: "ANN: Reminder: Windows CE chat tomorrow"
- In reply to: Don Dumitru [MSFT]: "Re: What seeds CeGenRandom?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
|
