Closed Bug 331314 Opened 14 years ago Closed 11 years ago

Time to periodically review PRNG seeding for Windows

Categories

(NSS :: Libraries, enhancement, P3)

3.11
x86
Windows XP
enhancement

Tracking

(Not tracked)

RESOLVED WORKSFORME
3.12.3

People

(Reporter: nelson, Assigned: rrelyea)

References

Details

(Whiteboard: FIPS)

Every few years we need to revisit our entropy collection code in NSS and 
NSPR, to see if it is still adequate and if OS changes made since we last
visited it have lessened its effectiveness.  

Ben Goodger recently asked about how we gather entropy on Windows systems,
http://lxr.mozilla.org/security/source/security/nss/lib/freebl/win_rand.c

and so I took a look at it again for the first time since I worked on it
for WinCE (Pocket PC 2002) 4 years ago.  I didn't like what I found.  The 
good news is that this is not the only source of entropy on Windows systems.

The code in question is used to seed NSS's FIPS-validated PRNG.  
Seeding is a bear.  

Note also that this code was supposed to have been moved from NSS to NSPR
a few years ago.  I think that work was never completed, because it's still
in NSS.  (It may also be in NSPR now.)
Priority: -- → P3
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/cryptgenrandom.asp

This is the equivalent of /dev/urandom under UNIX.  In typical MS style, it is much more difficult to use (must acquire a context; must make sure the context is valid; if it's not, must attempt to create a context; if can't, then can't use the function; otherwise seed it with whatever you've got and let it generate random bytes for you via RC4, then close the context).

Windows 95 OSR2+, redistributable first shipped with Internet Explorer 3.02.
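As an added illustration of the acquire-context / generate / release sequence described in the comment above (this is not code from NSS or win_rand.c): a seeding helper that draws from CryptGenRandom on Windows and from /dev/urandom elsewhere, and that reports failure and hands back a zeroed buffer when the OS source cannot be used, so a caller never mistakes stale memory for seed material. The function names os_seed_bytes and seed_looks_nonzero are my own.

```c
/* Added example, not NSS code: obtain PRNG seed bytes from the OS. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#endif

/* Fill buf[0..len) with OS-supplied random bytes.
 * Returns 1 on success, 0 on failure; on failure buf is left all-zero. */
int os_seed_bytes(unsigned char *buf, size_t len)
{
    int ok = 0;
    memset(buf, 0, len);
#ifdef _WIN32
    HCRYPTPROV hProv = 0;
    /* CRYPT_VERIFYCONTEXT: no persistent key container is needed just to
     * generate random bytes, so no "create the container" retry is required. */
    if (CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
        if (CryptGenRandom(hProv, (DWORD)len, buf))
            ok = 1;
        CryptReleaseContext(hProv, 0);   /* always release the context */
    }
#else
    /* The UNIX equivalent named in the comment above. */
    FILE *f = fopen("/dev/urandom", "rb");
    if (f) {
        ok = (fread(buf, 1, len, f) == len);  /* a short read is a failure */
        fclose(f);
    }
#endif
    if (!ok)
        memset(buf, 0, len);
    return ok;
}

/* Cheap sanity check on a fresh seed: an all-zero buffer is exactly what a
 * silently failed call leaves behind, so refuse to seed from it. */
int seed_looks_nonzero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc != 0;
}

int main(void)
{
    unsigned char seed[32];
    if (!os_seed_bytes(seed, sizeof seed) || !seed_looks_nonzero(seed, sizeof seed)) {
        puts("could not obtain seed material from the OS");
        return 1;
    }
    printf("obtained %zu seed bytes\n", sizeof seed);
    return 0;
}
```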
Assignee: wtchang → nobody
QA Contact: jason.m.reid → libraries
A cryptographically significant flaw has been found in the function 
CryptGenRandom.  See http://eprint.iacr.org/2007/419.pdf
Blocks: FIPS2008
Whiteboard: FIPS
If this bug is completed by Nov 17 2008 it will be included in the FIPS2008 validation; otherwise it will be dropped for a later release.
A review was completed on the NSS 3.12.3 code base when Bob replaced the FIPS 186-2 PRNG with the SP 800-90 Hash_DRBG; see bug 457045.
Assignee: nobody → rrelyea
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
Target Milestone: --- → 3.12.3
See Also: → 1287231