Random number generator security: BCryptGenRandom vs RNGCryptoServiceProvider

For those in a hurry, this is NOT related to the controversial Dual_EC_DRBG planted inside NIST's SP800-90A.

About the two RNGs:

  1. The Microsoft BCRYPT layer based one is over their C API. BCryptGenRandom is following NIST SP800-90A's CTR_DRBG (i.e. uses an approved block cipher, AES, to create random bits). However it is unclear if it uses a hardware random source as seed (or part of the seed)...

  2. The Microsoft .NET RNGCryptoServiceProvider is C# based. Looking at the .NET source code (or here), I see it ends up calling the C++ method CapiNative.GenerateRandomBytes(). There should have been a P/Invoke stub for the C#=>C++ transition but I couldn't find it anywhere in the framework source. So I have no idea how it's actually implemented.

Does anyone have additional information on these two random number generators? Do either/both use HW random seeds (either via diode noise in older intels or the controversial RDRAND in the latest intels).

PS: Not sure if this should be at Security, StackOverflow or Cryptography ...

DeepSpace101 asked Mar 23 '23 03:03


1 Answer

The Microsoft .NET RNGCryptoServiceProvider is C# based

Not exactly, the managed framework class is just a thin wrapper over the Crypto API built into Windows. All the System.Security.Cryptography classes whose names end with ServiceProvider are wrappers for the native API. Those whose names end in Managed are implemented in pure managed code. Accordingly, the XxxServiceProvider classes use FIPS validated cryptography, and the XxxManaged classes do not.

It is not exactly P/Invoke, it uses a common mechanism to make direct calls in CLR code. The jitter consults a table with addresses of C++ functions and compiles the CALL machine code instruction directly. The mechanism is described in this answer. Having a look at the actual code isn't possible, it isn't included in the SSCLI20 distribution and was altered to use the QCall mechanism in .NET 4.

So the assertion is unprovable, but it is pretty likely that RNGCryptoServiceProvider and the algorithm provider you pass to BCryptGenRandom() use the same source for random numbers. In Windows that is an unnamed exported function in advapi.dll; this answer gives an excellent summary of what it uses.

If this truly concerns you and you want a reliable source of information then don't take advice from a free Q+A web site for your security needs. Call Microsoft Support.

Hans Passant answered Apr 07 '23 13:04
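The two calls the question compares, side by side, as an added illustration that is not code from the question or the answer above. It assumes .NET Framework on Windows (RNGCryptoServiceProvider is marked obsolete on .NET 6+, where RandomNumberGenerator.Fill is the replacement); the P/Invoke declaration is for the documented bcrypt.dll export, called with a NULL algorithm handle and BCRYPT_USE_SYSTEM_PREFERRED_RNG so that CNG picks the system-preferred DRBG.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;

// Added example; assumes .NET Framework on Windows.
static class RngComparison
{
    // With hAlgorithm = NULL this flag tells CNG to use the system-preferred RNG
    // (the SP800-90A CTR_DRBG the question refers to).
    private const int BCRYPT_USE_SYSTEM_PREFERRED_RNG = 0x00000002;

    [DllImport("bcrypt.dll", ExactSpelling = true)]
    private static extern int BCryptGenRandom(IntPtr hAlgorithm, byte[] pbBuffer, int cbBuffer, int dwFlags);

    public static byte[] FromBCrypt(int count)
    {
        var buf = new byte[count];
        int status = BCryptGenRandom(IntPtr.Zero, buf, buf.Length, BCRYPT_USE_SYSTEM_PREFERRED_RNG);
        if (status != 0) // NTSTATUS: 0 is STATUS_SUCCESS; anything else means no random data
            throw new CryptographicException("BCryptGenRandom failed, NTSTATUS 0x" + status.ToString("X8"));
        return buf;
    }

    public static byte[] FromRngCsp(int count)
    {
        var buf = new byte[count];
        // Thin managed wrapper over the native CryptoAPI, as the answer explains.
        using (var rng = new RNGCryptoServiceProvider())
            rng.GetBytes(buf);
        return buf;
    }

    // Crude sanity check only: it catches an unfilled buffer, not a weak generator.
    static bool LooksFilled(byte[] b)
    {
        foreach (var x in b) if (x != 0) return true;
        return false;
    }

    static void Main()
    {
        byte[] a = FromBCrypt(32), b = FromRngCsp(32);
        Console.WriteLine("BCryptGenRandom:          " + BitConverter.ToString(a));
        Console.WriteLine("RNGCryptoServiceProvider: " + BitConverter.ToString(b));
        Console.WriteLine(LooksFilled(a) && LooksFilled(b) ? "both calls returned data" : "a call returned an empty buffer");
    }
}
```

Checking the NTSTATUS return is the part worth copying: a failed BCryptGenRandom leaves the buffer zeroed, and code that ignores the status will happily use those zeros as key material.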