pythonwindowsrandomprocessorrdrand

Does CryptGenRandom use the RNG in my processor?


On Windows, CryptGenRandom is the standard random number generator to use. It is called by many packages like Python’s Random and Secrets modules, which both use os.urandom, which in turns calls CryptGenRandom.

For the algorithm of CryptGenRandom, I found out the following:

In Windows Vista with Service Pack 1 (SP1) and later, an implementation of the AES counter-mode based PRNG specified in NIST Special Publication 800-90 is used. In Windows Vista, Windows Storage Server 2003, and Windows XP, the PRNG specified in Federal Information Processing Standard (FIPS) 186-2 is used.

However, the NIST publication does not specify which entropy source is used.

In the case of my laptop, I have an Ideapad Gaming laptop by Lenovo, with an Intel(R) Core(TM) i5-10300H processor. On this laptop I have Windows 10 installed. The processor contains a RNG called Secure Key Technology. Is this used as entropy source by CryptGenRandom?


Solution

  • The initial entropy sources include:

    Windows 10 has many entropy sources; these work together to ensure that the OS has good entropy. Different entropy sources guarantee good entropy in different situations; by using them all the best coverage is attained.

    From : The Windows 10 random number generation infrastructure

    This whitepaper explores details about the Windows 10 pseudo-random number generator (PRNG) infrastructure and lists the primary RNG APIs. The whitepaper also explains how the entropy system works, what the entropy sources are, and how initial seeding works.