CPGenRandom

The CPGenRandom function fills a buffer with random bytes.

BOOL CPGenRandom(
  HCRYPTPROV hProv,  // in
  DWORD dwLen,       // in
  BYTE *pbBuffer     // in, out
);
 

Parameters

hProv

Handle to a particular key container (or "context") within the CSP. This handle is obtained via a call to CPAcquireContext.

dwLen

Number of bytes of random data to be generated.

pbBuffer

Buffer to which the function is to copy the random data. This buffer is dwLen bytes in length.

Upon input to the function, this buffer may contain up to dwLen bytes of random data that the CSP can use in generating a random seed. This is discussed further in the "Remarks" section.

Return Values

If the function succeeds, TRUE should be returned; otherwise, return FALSE. When FALSE is returned, the appropriate error code (see the following table) must be set via SetLastError.

Remarks

Although CPGenRandom is one of the more difficult functions to implement correctly, it must be done correctly to maintain the security of your CSP. The CPGenRandom function is (typically) used internally by the CPGenKey function, as well by applications when generating data items used in cryptographic protocols, such as challenge strings. If the value of the cryptographic keys or challenge strings produced by your CSP is in any way predictable, then your CSP is not doing its job.

There are two components to a good random number generator: a method of getting a truly random seed and an algorithm that will generate a good pseudo-random stream of data based on the seed.

Generating a truly random seed can be difficult, depending on the hardware that your CSP is running on. If your CSP has access to a hardware random number source (such as some slightly radioactive material and a Geiger counter), then this doesn't present much of a problem. If your CSP is completely software-based, some of the following sources may be used:

• The system time.
• Any high-precision clocks that exist on the system board and peripherals.
• The cursor or mouse pointer location.
• Any accumulated physical state information in keyboard input buffers, I/O service queues, video drivers, and so on.
• The number of tasks in the OS scheduling queue, their task identifiers, or their code base addresses and sizes.
• Data from the application, passed into the CryptGenRandom function.

All of this data can be hashed together, along with the random seed from the previous session, to make a fairly good random seed. A new seed should be generated periodically throughout the session, to avoid placing too much reliance on the pseudo-random stream generator.

Once the random seed has been obtained, any number of algorithms can be used to generate a pseudo-random stream of data based on it. Sometimes a stream cipher such as RC4 is used for this purpose (with the seed forming the keying material). The following sources describe other algorithms and techniques:

• Bellare, M., and P. Rogaway. Optimal Asymmetric Encryption. Advances in Cryptology—EUROCRYPT '94, ed. by A. deSantis, Springer-Verlag, 1995, pp. 92-111, Lecture Notes in Computer Science, vol. 950.
• Blum, L. , M. Blum, and M. Shub. A Simple Unpredictable Pseudo-Random Number Generator. SIAM Journal on Computing 15(2)(May 1986); 364-383.
• M. Blum and S. Micali, "How to generate cryptographically strong sequences of pseudo-random bits," SIAM Journal on Computing 13(4)(November 1984); 850-864.

See Also

CryptGenRandom