CryptGenRandom

CryptGenRandom is a deprecated[1] cryptographically secure pseudorandom number generator function that is included in Microsoft CryptoAPI.

A 2007 paper from Hebrew University suggested security problems in the Windows 2000 implementation of CryptGenRandom (assuming the attacker has control of the machine).

Microsoft-provided cryptography providers share the same implementation of CryptGenRandom, currently based on an internal function called RtlGenRandom.[3]

Only a general outline of the algorithm had been published as of 2007: [RtlGenRandom] generates as specified in FIPS 186-2 appendix 3.1 with SHA-1 as the G function. And with entropy from: [omitted: long lists of low-level system information fields and performance counters][4]

Microsoft has documented the implementation of the Windows 10 random number generator in some detail, in a whitepaper published in 2019.[7]

To take advantage of the vulnerability, an attacker would first need to compromise the program running the random number generator.

However, the Hebrew University team notes that an attacker need only steal the state bits once to persistently violate the security of a CryptGenRandom instance.

Their paper is the first published record of how the Windows cryptographic random number generator operates.
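The generator outlined above, as an added example rather than Microsoft's code: a Python sketch of the FIPS 186-2 Appendix 3.1 update rule with G built from the SHA-1 compression function, showing why one copy of the state is enough to follow later output until input the observer never saw is mixed in. The mod q step is omitted, the seed, the XSEED value and all names are constructed for illustration, and the real implementation's entropy gathering and reseeding are not modelled.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF
SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)  # "t"

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def sha1_compress(state, block):
    """SHA-1 compression function over one 64-byte block; adds no padding."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = state
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        a, b, c, d, e = (rotl(a, 5) + f + e + k + w[i]) & MASK, a, rotl(b, 30), c, d
    return tuple((s + v) & MASK for s, v in zip(state, (a, b, c, d, e)))

def G(t, c, b=160):
    """G from SHA-1: compress c, zero-padded to 512 bits, with t as chaining value."""
    block = c.to_bytes(b // 8, "big").ljust(64, b"\x00")
    return int.from_bytes(struct.pack(">5I", *sha1_compress(t, block)), "big")

class Fips186Generator:
    """Appendix 3.1 update rule, mod q step omitted (assumption of this sketch)."""
    def __init__(self, xkey, b=160):
        self.b, self.xkey = b, xkey % (1 << b)
    def next(self, xseed=0):
        x = G(SHA1_IV, (self.xkey + xseed) % (1 << self.b), self.b)
        self.xkey = (1 + self.xkey + x) % (1 << self.b)  # only state carried forward
        return x

def state_copy_demo():
    """Return (copy tracks original, copy still tracks after fresh XSEED)."""
    seed = int.from_bytes(hashlib.sha1(b"constructed seed").digest(), "big")
    gen = Fips186Generator(seed)
    gen.next()                                   # generator has been running
    copy = Fips186Generator(gen.xkey)            # one-time snapshot of XKEY
    tracks = all(gen.next() == copy.next() for _ in range(1000))
    fresh, stale = gen.next(xseed=0x1234567890ABCDEF), copy.next()
    return tracks, gen.next() == copy.next()
```

Because XKEY is the only value carried between calls, the copy stays in step for as long as XSEED is empty or known to whoever holds the copy.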

On a default Windows XP and later install, CryptGenRandom calls into a function named ADVAPI32!RtlGenRandom, which does not require you to load the rest of CryptoAPI.