...
Compliant Solution (Windows)
| Wiki Markup |
|---|
[CryptGenRandom()|http://msdn.microsoft.com/en-us/library/aa379942.aspx] does not run the risk of not being properly seeded. The reason for that is that its arguments serve as seeders. From the Microsoft Developer Network {{CryptGenRandom()}} reference \[MSDN\]:The *CryptGenRandom* function fills a buffer with cryptographically random bytes. |
...
Syntax
...
BOOL WINAPI CryptGenRandom(
__in HCRYPTPROV hProv,
__in DWORD dwLen,
__inout BYTE *pbBuffer
);
...
Parameters
...
| Wiki Markup |
|---|
hProv \[in\]
Handle of acryptographic service provider(CSP) created by a call toCryptAcquireContext.
dwLen \[in\]
Number of bytes of random data to be generated.
pbBuffer \[in, out\]
Buffer to receive the returned data. This buffer must be at leastdwLenbytes in length.
Optionally, the application can fill this buffer with data to use as an auxiliary random seed.\\ \\ |
| Code Block | ||
|---|---|---|
| ||
HCRYPTPROV hCryptProv;
union /* union stores the random number generated by CryptGenRandom() */
{
BYTE bs[sizeof(long int)];
long int li;
} rand_buf;
if(CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) /* An example of instantiating the CSP */
{
printf("CryptAcquireContext succeeded.\n");
}
else
{
printf("Error during CryptAcquireContext!\n");
}
for(int i=0;i<10;i++)
{
if (!CryptGenRandom(hCryptProv, sizeof(rand_buf), (BYTE*) &rand_buf))
{
printf("Error\n");
}
else
{
printf("%ld, ", rand_buf.li);
}
}
output:
1st run: -1597837311, 906130682, -1308031886, 1048837407, -931041900, -658114613, -1709220953, -1019697289, 1802206541, 406505841,
2nd run: 885904119, -687379556, -1782296854, 1443701916, -624291047, 2049692692, -990451563, -142307804, 1257079211, 897185104,
3rd run: 190598304, -1537409464, 1594174739, -424401916, -1975153474, 826912927, 1705549595, -1515331215, 474951399, 1982500583,
...
|
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MSC18-C |
| likely |
|
|
|
...