Cryptanalysis of the Windows random number generator

Leo Dorrendorf, Zvi Gutterman, Benny Pinkas

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

40 Scopus citations


The pseudo-random number generator (PRNG) used by the Windows operating system is the most commonly used PRNG. The pseudo-randomness of the output of this generator is crucial for the security of almost any application running in Windows. Nevertheless, its exact algorithm was never published. We examined the binary code of a distribution of Windows 2000, which is still the second most popular operating system after Windows XP. (This investigation was done without any help from Microsoft.) We reconstructed, for the first time, the algorithm used by the pseudo-random number generator (namely, the function CryptGenRandom). We analyzed the security of the algorithm and found a non-trivial attack: given the internal state of the generator, the previous state can be computed in $O(2^{23})$ work (this is an attack on the forward-security of the generator; an $O(1)$ attack on backward security is trivial). The attack on the forward-security demonstrates that the design of the generator is flawed, since it is well known how to prevent such attacks. We also analyzed the way in which the generator is run by the operating system, and found that it amplifies the effect of the attacks. As a result, learning a single state may reveal 128 Kbytes of the past and future output of the generator. The implication of these findings is that a buffer overflow attack or a similar attack can be used to learn a single state of the generator, which can then be used to predict all random values, such as SSL keys, used by a process in all its past and future operation. This attack is more severe and more efficient than known attacks, in which an attacker can only learn SSL keys if it is controlling the attacked machine at the time the keys are used.

Original language: English
Title of host publication: CCS'07 - Proceedings of the 14th ACM Conference on Computer and Communications Security
Number of pages: 10
State: Published - 2007
Externally published: Yes
Event: 14th ACM Conference on Computer and Communications Security, CCS'07 - Alexandria, VA, United States
Duration: 29 Oct 2007 to 2 Nov 2007

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print): 1543-7221


Conference: 14th ACM Conference on Computer and Communications Security, CCS'07
Country/Territory: United States
City: Alexandria, VA


  • Cryptanalysis
  • Pseudo random number generator (PRNG)
  • Windows operating system

