CryptGenRandom

CryptGenRandom is a deprecated[1] cryptographically secure pseudorandom number generator function that is included in Microsoft CryptoAPI. In Win32 programs, Microsoft recommends its use anywhere random number generation is needed. A 2007 paper from Hebrew University suggested security problems in the Windows 2000 implementation of CryptGenRandom (assuming the attacker has control of the machine). Microsoft later acknowledged that the same problems exist in Windows XP, but not in Vista. Microsoft released a fix for the bug with Windows XP Service Pack 3 in mid-2008.[2]

  1. ^ CryptGenRandom Function (Windows) "Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases." (This notice applies to all of CryptoAPI.)
  2. ^ "Microsoft confirms that XP contains random number generator bug". Archived from the original on 2008-06-22.