Does CryptGenRandom use the RNG in my processor?

Question

On Windows, CryptGenRandom is the standard random number generator to use. It is called by many packages like Python’s Random and Secrets modules, which both use os.urandom, which in turns calls CryptGenRandom.

For the algorithm of CryptGenRandom, I found out the following:

In Windows Vista with Service Pack 1 (SP1) and later, an implementation of the AES counter-mode based PRNG specified in NIST Special Publication 800-90 is used. In Windows Vista, Windows Storage Server 2003, and Windows XP, the PRNG specified in Federal Information Processing Standard (FIPS) 186-2 is used.

However, the NIST publication does not specify which entropy source is used.

In the case of my laptop, I have an Ideapad Gaming laptop by Lenovo, with an Intel(R) Core(TM) i5-10300H processor. On this laptop I have Windows 10 installed. The processor contains a RNG called Secure Key Technology. Is this used as entropy source by CryptGenRandom?

Answer 1

The initial entropy sources include:

• Seed file
• External entropy
• TPM randomness
• RDRAND randomness (You mentioned Secure Key Technology-related instruction)
• ACPI-OEM0 table
• Output from the UEFI entropy provider
• The current time

Windows 10 has many entropy sources; these work together to ensure that the OS has good entropy. Different entropy sources guarantee good entropy in different situations; by using them all the best coverage is attained.

From : The Windows 10 random number generation infrastructure

This whitepaper explores details about the Windows 10 pseudo-random number generator (PRNG) infrastructure and lists the primary RNG APIs. The whitepaper also explains how the entropy system works, what the entropy sources are, and how initial seeding works.