Crypt Gen Random - Security

Security

The security of a cryptosystem's CSPRNG is significant because it is the origin for dynamic key material. Keys needed "on the fly", such as the AES TLS session keys that protect HTTPS sessions with bank websites, originate from CSPRNGs. If these pseudorandom numbers are predictable, session keys are predictable as well. Because CryptGenRandom is the de facto standard CSPRNG in Win32 environments, its security is critical for Windows users.

The specifics of CryptGenRandom's algorithm have not been officially published. As with any unpublished random number generation algorithm, it may be susceptible to theoretical weaknesses including the use of outdated algorithms, and a reliance for entropy gathering on several monotonically-increasing counters that might be estimated or controlled to an extent by an attacker with local access to the system.

Read more about this topic:  Crypt Gen Random

Famous quotes containing the word security:

    The contention that a standing army and navy is the best security of peace is about as logical as the claim that the most peaceful citizen is he who goes about heavily armed. The experience of every-day life fully proves that the armed individual is invariably anxious to try his strength. The same is historically true of governments. Really peaceful countries do not waste life and energy in war preparations, with the result that peace is maintained.
    Emma Goldman (1869–1940)

    It is hard for those who have never known persecution,
    And who have never known a Christian,
    To believe these tales of Christian persecution.
    It is hard for those who live near a Bank
    To doubt the security of their money.
    —T.S. (Thomas Stearns)

    ... most Southerners of my parents’ era were raised to feel that it wasn’t respectable to be rich. We felt that all patriotic Southerners had lost everything in defense of the South, and sufficient time hadn’t elapsed for respectable rebuilding of financial security in a war- impoverished region.
    Sarah Patton Boyle, U.S. civil rights activist and author. The Desegregated Heart, part 1, ch. 1 (1962)