Closed Bug 331314 Opened 14 years ago Closed 11 years ago
Time to periodically review PRNG seeding for Windows
Every few years we need to revisit our entropy collection code in NSS and NSPR, to see if it is still adequate and if OS changes made since we last visited it have lessened its effectiveness. Ben Goodger recently asked about how we gather entropy on Windows systems, http://lxr.mozilla.org/security/source/security/nss/lib/freebl/win_rand.c and so I took a look at it again for the first time since I worked on it for WinCE (Pocket PC 2002) 4 years ago. I didn't like what I found. The good news is that this is not the only source of entropy on Windows systems. The code in question is used to seed NSS's FIPS-validated PRNG. Seeding is a bear. Note also that this code was supposed to have been moved from NSS to NSPR a few years ago. I think that work was never completed, because it's still in NSS. (It may also be in NSPR now)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/cryptgenrandom.asp This is the equivalent of /dev/urandom under UNIX. In typical MS style, it is much more difficult to use (must acquire a context, must make sure the context is valid, if it's not, must attempt to create a context, if can't then can't use the function, otherwise seed it with whatever you've got and let it generate random bytes for you via RC4, then close the context). Windows 95 OSR2+, redistributable first shipped with Internet Explorer 3.02.
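The acquire/verify/create/generate/release sequence described in the comment above, as an added example that is not code from this bug, from NSS, or from NSPR. On Windows it walks CryptAcquireContext, CryptGenRandom and CryptReleaseContext (retrying with CRYPT_NEWKEYSET when the provider's key container is missing); on other platforms it falls back to /dev/urandom, which the comment calls the UNIX equivalent. The function names gather_seed, seed_ok and self_check are this example's own, and the all-zero check is a defensive addition, not something the bug describes.

```c
/* Added example: collect seed bytes from the OS RNG and refuse to accept
 * an unfilled or all-zero buffer.  Not code from NSS/NSPR or from this bug.
 * gather_seed / seed_ok / self_check are hypothetical names for this demo. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#endif

/* Fill buf with len bytes from the OS RNG.  Returns len on success and 0
 * on failure; a partially filled buffer is zeroed and reported as failure
 * so a caller can never seed a DRBG with half-random data by mistake. */
size_t gather_seed(unsigned char *buf, size_t len)
{
#ifdef _WIN32
    HCRYPTPROV prov = 0;
    size_t got = 0;

    /* Acquire a context.  CRYPT_VERIFYCONTEXT asks for a provider without a
     * persistent key container, which is all a random source needs. */
    if (!CryptAcquireContextA(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
        /* Context not valid: if the key container is missing, try to create it;
         * any other failure means the function cannot be used. */
        if (GetLastError() != NTE_BAD_KEYSET ||
            !CryptAcquireContextA(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET))
            return 0;
    }
    if (len <= 0xFFFFFFFFu && CryptGenRandom(prov, (DWORD)len, buf))
        got = len;
    else
        memset(buf, 0, len);
    CryptReleaseContext(prov, 0);      /* always close the context */
    return got;
#else
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got;
    if (!f)
        return 0;
    got = fread(buf, 1, len, f);
    fclose(f);
    if (got != len) {
        memset(buf, 0, len);
        return 0;
    }
    return got;
#endif
}

/* Sanity check before the bytes are fed to a DRBG: the request must have
 * been fully satisfied and the buffer must not be all zeros. */
int seed_ok(const unsigned char *buf, size_t len, size_t got)
{
    unsigned char acc = 0;
    size_t i;
    if (len == 0 || got != len)
        return 0;
    for (i = 0; i < len; i++)
        acc |= buf[i];
    return acc != 0;
}

/* Gather a 32-byte seed and validate it.  Returns 1 on success, 0 otherwise. */
int self_check(void)
{
    unsigned char seed[32];
    size_t got = gather_seed(seed, sizeof seed);
    return seed_ok(seed, sizeof seed, got);
}

int main(void)
{
    unsigned char seed[32];
    size_t got = gather_seed(seed, sizeof seed);
    size_t i;
    if (!seed_ok(seed, sizeof seed, got)) {
        fprintf(stderr, "seed collection failed\n");
        return 1;
    }
    for (i = 0; i < sizeof seed; i++)
        printf("%02x", seed[i]);
    printf("\n");
    return 0;
}
```

These bytes are one seed input for a DRBG, not a replacement for it: the point of the bug is that the OS source is only one of several entropy inputs NSS mixes into its own PRNG, so a failure here should abort seeding loudly rather than silently fall back to weaker material.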
Assignee: wtchang → nobody
QA Contact: jason.m.reid → libraries
A cryptographically significant flaw has been found in the function CryptGenRandom. See http://eprint.iacr.org/2007/419.pdf
If this bug is completed by Nov 17 2008 it will be included in the FIPS2008 validation; otherwise it will be dropped for a later release.
A review was completed on the NSS 3.12.3 code base when Bob replaced the FIPS 186-2 PRNG with SP 800-90 Hash_DRBG; see bug 457045.
Assignee: nobody → rrelyea
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
Target Milestone: --- → 3.12.3