Feeding Windows entropy pool

This topic contains 2 replies, has 3 voices, and was last updated by  redneonglow 5 years, 10 months ago.

  • #2088

    Victorsueca
    Member

    Hi, I was wondering if it’s possible to use TrueRNG v3 to feed the entropy pool that Windows uses for things such as RNGCryptoServiceProvider or RandomNumberGenerator on .NET.

    #2089

    Ubld.it Staff
    Moderator

    I don’t know of anything pre-made. In theory, _if_ it is possible to seed them (through an API), then writing a service to read data from the TrueRNG and feeding/seeding them would work. Otherwise, the approach many Windows developers take is just to open the COM port of the TrueRNG and toggle DTR when they need random data, then toggle DTR again to stop the flow. That is the easiest approach.
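    The DTR approach from the reply above, as an added example (not code from this forum or from ubld.it): it opens the device's virtual COM port with pyserial, raises DTR to start the byte stream, reads the requested amount, drops DTR, and runs a simple stuck-output check before the bytes are used. The port name (`COM3`), the pyserial dependency and the repetition-count cutoff are assumptions made here.

```python
"""Read raw bytes from a TrueRNG over its virtual COM port by toggling DTR,
then reject obviously stuck output before handing the bytes to a consumer."""


def repetition_count_ok(data: bytes, cutoff: int = 8) -> bool:
    """Return False if any byte value repeats 'cutoff' or more times in a row.
    Modelled on the repetition-count health test in NIST SP 800-90B; the
    cutoff of 8 identical consecutive bytes is a constructed, conservative
    value chosen for this example, not a figure from the device's docs."""
    if not data:
        return False
    run = 1
    for prev, cur in zip(data, data[1:]):
        run = run + 1 if cur == prev else 1
        if run >= cutoff:
            return False
    return True


def read_truerng(port: str, nbytes: int, timeout: float = 2.0) -> bytes:
    """Open the TrueRNG's COM port, raise DTR to start the stream, read
    nbytes, then drop DTR to stop it. Requires pyserial; assumes the device
    enumerates as a CDC serial port such as 'COM3' on Windows."""
    import serial  # pyserial; imported here so the health test runs without it

    # Baud rate is irrelevant for a USB CDC device but pyserial requires one.
    with serial.Serial(port, baudrate=9600, timeout=timeout) as dev:
        dev.dtr = False
        dev.reset_input_buffer()   # discard anything buffered before we asked
        dev.dtr = True             # DTR high: the device starts streaming
        buf = bytearray()
        try:
            while len(buf) < nbytes:
                chunk = dev.read(nbytes - len(buf))
                if not chunk:      # read timed out: device stalled or unplugged
                    raise TimeoutError(f"{port}: got {len(buf)}/{nbytes} bytes")
                buf += chunk
        finally:
            dev.dtr = False        # DTR low: stop the flow again
    return bytes(buf)


def get_checked_random(port: str, nbytes: int) -> bytes:
    """Read from the device and refuse to return output that fails the check."""
    data = read_truerng(port, nbytes)
    if not repetition_count_ok(data):
        raise RuntimeError("TrueRNG output failed the repetition-count check")
    return data


if __name__ == "__main__":
    print(get_checked_random("COM3", 64).hex())  # assumed port name
```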

    #2146

    redneonglow
    Member

    According to these three links:

    https://stackoverflow.com/questions/22150896/is-it-possible-to-add-entropy-from-a-hardware-rng-to-the-windows-cryptoapi

    https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1328.pdf

    https://msdn.microsoft.com/en-us/library/windows/desktop/aa375458.aspx

    …it was once possible for developers to incorporate additional sources of entropy, but this was discontinued in Windows 8 and later, in favor of a TPM.

    There are, however, sources of entropy in addition to a TPM (or when a TPM is unavailable). Microsoft is vague as to how these sources are used or to what extent each source is taken into account. It would appear that this is per-application rather than a single /dev/random.

    Reading those articles, it would seem that a Windows equivalent of rngd, using TrueRNG hardware, could affect entropy per-application in the following ways:

    * Incrementing the serial port count by 1
    * Occasionally writing random amounts of TrueRNG-generated random bytes to memory (and/or the page file), using a random amount of threads
    * Adding one or more TrueRNG-generated nonsense environment variables to the system that occasionally change
    * The fact that a program exists doing all this

    Something like this would be interesting. Unfortunately it would be tough to prove how/if it has any effect.

    • This reply was modified 5 years, 10 months ago by  redneonglow.