...
If an application has access to a good random source, it can fill the pbBuffer buffer with some random data before calling CryptGenRandom(). The CSP then uses this data to further randomize its internal seed. It is acceptable to omit the step of initializing the pbBuffer buffer before calling CryptGenRandom().
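```c
#include <windows.h>
#include <wincrypt.h>
#include <stdio.h>
void func(void) {
  HCRYPTPROV hCryptProv; /* must be acquired before CryptGenRandom() is called */
  union {
    BYTE bs[sizeof(long int)];
    long int li;
  } rand_buf;
  if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
    /* Handle error */
  } else {
    if (!CryptGenRandom(hCryptProv, sizeof(rand_buf), rand_buf.bs)) {
      /* Handle error */
    } else {
      printf("Random number: %ld\n", rand_buf.li);
    }
    CryptReleaseContext(hCryptProv, 0); /* release the CSP handle */
  }
}
```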
Risk Assessment
Using the rand() function leads to possibly predictable random numbers.
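The predictability can be measured directly: rand() output is fully determined by the value passed to srand(), so a generator seeded from the clock can be replayed by anyone who knows roughly when it ran. The following is an added example, not code from the original page; make_token(), seed_matches(), replay_window(), next_output_after_token() and the sample timestamp are hypothetical names and constructed values.

```c
#include <stdio.h>
#include <stdlib.h>

#define TOKEN_WORDS 4

/* Hypothetical weak generator: seeds rand() with a timestamp-like value. */
static void make_token(unsigned int seed, int out[TOKEN_WORDS]) {
  srand(seed);
  for (int i = 0; i < TOKEN_WORDS; i++) {
    out[i] = rand();
  }
}

/* Returns 1 if replaying `seed` reproduces `token` exactly, 0 otherwise. */
static int seed_matches(unsigned int seed, const int token[TOKEN_WORDS]) {
  int replay[TOKEN_WORDS];
  make_token(seed, replay);
  for (int i = 0; i < TOKEN_WORDS; i++) {
    if (replay[i] != token[i]) return 0;
  }
  return 1;
}

/* Replays every seed in [lo, hi] (hi must be below UINT_MAX). Returns the
 * number of seeds tried until one reproduces the token, or -1 if none does. */
static long replay_window(unsigned int lo, unsigned int hi,
                          const int token[TOKEN_WORDS], unsigned int *found) {
  for (unsigned int s = lo; s <= hi; s++) {
    if (seed_matches(s, token)) { *found = s; return (long)(s - lo) + 1; }
  }
  return -1;
}

/* With the seed known, the value rand() returns after the token is known. */
static int next_output_after_token(unsigned int seed) {
  int scratch[TOKEN_WORDS];
  make_token(seed, scratch);
  return rand();
}

int main(void) {
  const unsigned int issued_at = 1700000000u; /* constructed sample timestamp */
  int token[TOKEN_WORDS];
  unsigned int found = 0;
  make_token(issued_at, token);
  long tries = replay_window(issued_at - 60, issued_at + 60, token, &found);
  printf("seed %u reproduced after %ld tries; next rand() = %d\n",
         found, tries, next_output_after_token(found));
  return 0;
}
```

A two-minute uncertainty about the seeding time leaves only 121 candidates to replay, which is why security-sensitive values need a CSPRNG such as CryptGenRandom() instead.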
...