I believe there are a few issues with rand_win.c.

First, BCryptGenRandom is called with BCRYPT_USE_SYSTEM_PREFERRED_RNG. On some version of Windows, I believe that's the infamous Dual EC generator. Apparently Microsoft has been infiltrated by the NSA, too (as if NSA_KEY was not evidence enough).

Second, BCryptGenRandom is used without a call to BCryptOpenAlgorithmProvider. I'm fairly certain using BCryptOpenAlgorithmProvider like below avoids Dual EC. It's not as convenient as using BCRYPT_USE_SYSTEM_PREFERRED_RNG (gee, what a coincidence):

Third, the Bcrypt library defines success as (NTSTATUS)ret >= 0, and not (NTSTATUS)ret == STATUS_SUCCESS.
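The two API points raised in this issue, as an added example that is not the reporter's code or OpenSSL's rand_win.c: an RNG fill that opens the CNG provider explicitly instead of passing BCRYPT_USE_SYSTEM_PREFERRED_RNG, and a success check that accepts any non-negative NTSTATUS (the same test bcrypt.h's BCRYPT_SUCCESS macro applies) rather than only STATUS_SUCCESS. The Windows calls are real CNG functions; the non-Windows NTSTATUS typedef and the function names cng_* are assumptions made so the status check can be exercised anywhere.

```c
/* Added example, not from the issue or from OpenSSL. */
#include <stddef.h>
#include <stdint.h>

#ifdef _WIN32
#include <windows.h>
#include <bcrypt.h>
#pragma comment(lib, "bcrypt.lib")
#else
/* Assumed stand-in so the status check compiles off Windows: NTSTATUS is a 32-bit LONG. */
typedef int32_t NTSTATUS;
#endif

/* Local name to avoid clashing with ntstatus.h; STATUS_SUCCESS is 0. */
#define CNG_STATUS_SUCCESS ((NTSTATUS)0)

/* The check the issue describes: CNG reports success for every NTSTATUS whose
 * severity bits are clear (value >= 0), not only for STATUS_SUCCESS itself.
 * Returns 1 for success, 0 for failure. */
int cng_status_ok(NTSTATUS status)
{
    return status >= 0;
}

/* The narrower test the issue contrasts it with: exactly STATUS_SUCCESS.
 * An informational status (0x4xxxxxxx) passes cng_status_ok but fails here. */
int cng_status_is_exactly_success(NTSTATUS status)
{
    return status == CNG_STATUS_SUCCESS;
}

#ifdef _WIN32
/* Fill buf with len random bytes from an explicitly opened RNG provider.
 * BCRYPT_RNG_ALGORITHM names the provider directly, so no system-preferred
 * selection takes place. Returns 1 on success, 0 on failure. */
int cng_random_bytes(unsigned char *buf, size_t len)
{
    BCRYPT_ALG_HANDLE h = NULL;
    NTSTATUS st;
    int ok;

    st = BCryptOpenAlgorithmProvider(&h, BCRYPT_RNG_ALGORITHM, NULL, 0);
    if (!cng_status_ok(st))
        return 0;
    st = BCryptGenRandom(h, buf, (ULONG)len, 0);
    ok = cng_status_ok(st);
    BCryptCloseAlgorithmProvider(h, 0);   /* release the handle on every path */
    return ok;
}
#endif
```

On Windows, link against bcrypt.lib and call cng_random_bytes; elsewhere only the status helpers are available.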