c00*_*0fd 0 c random encryption winapi cryptography
I swear, this seems to be changing every time I check the MSDN documentation. When I coded my executable Microsoft was suggesting to use RtlGenRandom API to generate cryptographically strong random numbers.
Now when I'm checking documentation for RtlGenRandom, the note there suggests using CryptGenRandom instead. But then another note for CryptGenRandom states this:
Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
So can someone show an example in C of how to use those "Cryptography Next Generation APIs" to generate a byte array of random numbers that Microsoft recommends now?
没关系,在Windows XP和更高版本上,默认提供程序最终会调用相同的功能。2000和未修补XP上的RNG内部主要使用SHA1 + RC4,并且存在一些安全问题。
我只是在Windows 8上做了一些实验,这是我发现的:
RtlGenRandom(AKA advapi32!SystemFunction036)致电CRYPTBASE!SystemFunction036>>> bcryptPrimitives!ProcessPrng>>> bcryptPrimitives!AesRNG*。CryptGenRandom呼叫CRYPTSP!CryptGenRandom>>> %provider%!CPGenRandom>>> CRYPTBASE!SystemFunction036。%provider%在我的测试中是rsaenh或dssenh,但如果您专门要求第三方供应商,则可能是另一种实现。BCryptGenRandom电话bcryptPrimitives!MSCryptGenRandom>>> bcryptPrimitives!GenRandomAes>>> bcryptPrimitives!AesRNG*用BCRYPT_RNG_ALGORITHMCNG算法标识符(BCRYPT_RNG_DUAL_EC_ALGORITHM在最终bcryptPrimitives!GenRandomDualEcc代替)。当然,这是未记录的实现细节,可以更改,但是我真的不认为您需要担心选择哪个功能。如果您的目标是Vista +,则可以使用BCrypt。CryptGenRandom将永远不会被删除,它将破坏太多的应用程序,如果支持<Vista,则应该选择它。