地穴基因随机熵 [英] CryptGenRandom Entropy
问题描述
CryptGenRandom是Windows中CryptoAPI中的随机数生成器函数.那个随机数生成器有多少熵?我已经看了很多东西,但是找不到.预先感谢.
CryptGenRandom is a random number generator function in CryptoAPI in Windows. How much entropy has that random number generator ? I have already looked a lot, but I couldn't find it. Thanks in advance.
推荐答案
Windows CryptGenRandom的确切算法从未发布,因此,一些安全专家建议完全不要使用它.
The exact algorithm of Windows CryptGenRandom was never published, therefore, some security experts suggest not to use it at all.
进行了一些逆向工程和密码分析. 已发表的研究报告( Windows随机密码分析编号生成器-Leo Dorrendorf,2007 )检查了Windows 2000 RNG并发现了许多 设计和实施中的弱点.
Some reverse-engineering and cryptanalysis was made. A published research (Cryptanalysis of the Windows Random Number Generator - Leo Dorrendorf, 2007) examined Windows 2000 RNG and found a number of weaknesses in the design and implementation.
该文档还描述了该算法的熵收集器机制(第4.2.3节).熵的来源是:
The document also describes the entropy collector mechanism of the algorithm (section 4.2.3). The Entropy sources are:
Source Bytes requested
CircularHash 256
KSecDD 256
GetCurrentProcessID() 8
GetCurrentThreadID() 8
GetTickCount() 8
GetLocalTime() 16
QueryPerformanceCounter() 24
GlobalMemoryStatus() 16
GetDiskFreeSpace() 40
GetComputerName() 16
GetUserName() 257
GetCursorPos() 8
GetMessageTime() 16
NTQuerySystemInformation calls:
ProcessorTimes 48
Performance 312
Exception 16
Lookaside 32
ProcessorStatistics up to the remaining length (3584 bytes buffer)
ProcessesAndThreads up to the remaining length
由于我们在谈论的是伪数字生成器,而不是实数生成器,因此您可以说根本没有真正的熵,或者只计算您可能认为是熵"的源(伪-熵).
Since we are talking about a pseudo-number-generator and not a real-number-generator, you may say that there is no real entropy at all, or count only the sources that you may consider as "entropy" (pseudo-entropy).
我无法找到有关Windows上较新版本的信息.
I was unable to find information regarding newer versions on Windows.
这篇关于地穴基因随机熵的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
