Peter Gutmann (pgut001@cs.auckland.ac.nz)
Sun, 31 Jan 1999 04:51:15 (NZDT)

I wrote:

>For the CSPRNG I described at the Usenix security symposium in January I'm
>currently seeding the entropy pool under Windows NT using the NT performance
>counters. Over the last year or so I've found more and more problems with
>this approach which arise from the fact that the NT function which obtains
>this information, RegQueryValueEx(), is so incredibly flaky that it's just
>too dangerous to use to obtain randomness.

Since then I've received mail from Wolfgang Gothier <hwg@gmx.net> who has
found out further details about the problem. It turns out that it isn't quite
as bad as I'd thought - there's definitely a serious problem in
RegQueryValueEx(), but there's a workaround which should be satisfactory in
most cases.

Because this function can take quite some time to execute, I was calling it in
a background thread which gathered the data and then passed it back to the
main program via an (appropriately synchronised and mutexed) mechanism. It
turns out that if you call RegQueryValueEx() from a thread other than the main
thread, it hangs indefinitely, but if you call it from the main thread it
works fine. The original code was in C, but a small test program in Delphi
produced the same results. This bug occurs in (at least) NT 4.0 build 1381,
SP3 and SP4.

As a result of this problem, if you're doing entropy gathering under NT, you
need to call the (rather slow) RegQueryValueEx() from your program's main
thread, not from a worker thread, effectively stalling program execution for
several seconds on each poll. I'll play around a bit with delays before the
(threaded) poll in case there's a synchronisation problem when a thread is
started so that calling RegQueryValueEx() soon afterwards causes problems,
maybe it can be fixed with a Sleep().

My thanks to Wolfgang for tracking down this problem.

Peter.