On Windows, CryptGenRandom is the standard random number generator to use.
It is called by many packages like Python’s Random and Secrets modules, which both use os.urandom, which in turn calls CryptGenRandom.
For the algorithm of CryptGenRandom, I found out the following:
In Windows Vista with Service Pack 1 (SP1) and later, an implementation of the AES counter-mode based PRNG specified in NIST Special Publication 800-90 is used. In Windows Vista, Windows Storage Server 2003, and Windows XP, the PRNG specified in Federal Information Processing Standard (FIPS) 186-2 is used.
However, the NIST publication does not specify which entropy source is used.
In the case of my laptop, I have an Ideapad Gaming laptop by Lenovo, with an Intel(R) Core(TM) i5-10300H processor. On this laptop I have Windows 10 installed. The processor contains an RNG called Secure Key Technology. Is this used as an entropy source by CryptGenRandom?
The initial entropy sources include:
Windows 10 has many entropy sources; these work together to ensure that the OS has good entropy. Different entropy sources guarantee good entropy in different situations; by using them all the best coverage is attained.
From: The Windows 10 random number generation infrastructure
This whitepaper explores details about the Windows 10 pseudo-random number generator (PRNG) infrastructure and lists the primary RNG APIs. The whitepaper also explains how the entropy system works, what the entropy sources are, and how initial seeding works.