Re: Entropy sources under WinXP
- From: Mark Nudelman <markn@xxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 20 May 2007 17:26:51 -0700
On 5/18/2007 4:13 PM, Sebastian G. wrote:
Mark Nudelman wrote:
You can use CryptGenRandom to generate random numbers, or directly read
the registry value HKLM\Software\Microsoft\Cryptography\RNG\Seed.
You cannot directly read this value without risking a buffer overflow on
Windows version before Windows Vista.
Eh? As far as I'm aware, it can be read safely the same way any other
registry value of unknown size can be read: call RegQueryValueEx once to
discover the size of the value in the registry, and then call it again
to read the amount of data you want.
And if the size of the value can change in between (which is the case
for this one), you have a problem. You'd require either a lock (which
you won't get) or transactional semantics (only on Windows Vista).
I don't see the problem. When you read a registry value using
RegQueryValueEx, you specify the size of your buffer in the last
parameter. The buffer cannot be overrun unless you specify a size
that's larger than your buffer, which is a programming bug. If the
registry value grows so that it's larger than you expected, an
ERROR_MORE_DATA status is returned. In no case does it write past the
end of the buffer that you supply.
--Mark
.
- Follow-Ups:
- Re: Entropy sources under WinXP
- From: Sebastian G.
- Re: Entropy sources under WinXP
- References:
- Entropy sources under WinXP
- From: keith
- Re: Entropy sources under WinXP
- From: Mark Nudelman
- Re: Entropy sources under WinXP
- From: Sebastian G.
- Re: Entropy sources under WinXP
- From: Mark Nudelman
- Re: Entropy sources under WinXP
- From: Sebastian G.
- Entropy sources under WinXP
- Prev by Date: Re: Entropy sources under WinXP
- Next by Date: Re: Entropy sources under WinXP
- Previous by thread: Re: Entropy sources under WinXP
- Next by thread: Re: Entropy sources under WinXP
- Index(es):
Relevant Pages
|
