The exact Windows CryptGenRandom algorithm has never been published, so some security experts suggest not using it at all.
Some reverse engineering and cryptanalysis has been done. A published study ( Cryptanalysis of the Windows Random Number Generator - Leo Dorrendorf, 2007 ) examined the RNG of Windows 2000 and found a number of shortcomings in the design and implementation.
The document also describes the mechanism of the entropy collector of the algorithm (Section 4.2.3). Sources of entropy:
Source Bytes requested CircularHash 256 KSecDD 256 GetCurrentProcessID() 8 GetCurrentThreadID() 8 GetTickCount() 8 GetLocalTime() 16 QueryPerformanceCounter() 24 GlobalMemoryStatus() 16 GetDiskFreeSpace() 40 GetComputerName() 16 GetUserName() 257 GetCursorPos() 8 GetMessageTime() 16 NTQuerySystemInformation calls: ProcessorTimes 48 Performance 312 Exception 16 Lookaside 32 ProcessorStatistics up to the remaining length (3584 bytes buffer) ProcessesAndThreads up to the remaining length
Since we are talking about a pseudo-numerical generator and not a real number generator, you can say that there is no real entropy at all or consider only sources that you can consider as "entropy" (pseudo-entropy).
I could not find information about new versions in Windows.
Lior kogan
source share