Closed Nielsbishere closed 1 year ago
Fixed by using BCrypt for number generation on Windows. Should use /dev/random on Linux. This is safer since it uses multiple sources of randomness, such as the TPM, the RDRAND function, etc. Adding other types of randomness can decrease security.
If the RDRAND function is compromised on Intel or AMD, it impacts the security of things like key generation or IV generation. To fix this, multiple sources of entropy should be used and fed into SHA-256, and then the necessary bytes can be used. This includes things like time, certain registry values, etc.
https://security.stackexchange.com/questions/195515/is-rdrand-used-in-a-safe-way-by-windows-10
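As an added example (not code from this issue or its project), the mixing procedure described above: several entropy sources are fed into SHA-256 and the needed bytes are taken from the result. It assumes Python's os.urandom as a stand-in for the OS generator (BCryptGenRandom on Windows, /dev/urandom elsewhere) and adds counter-based expansion for requests longer than one digest, which the comment does not spell out.

```python
import hashlib
import os
import struct
import time


def mix_entropy(sources, n_bytes):
    """Hash several entropy sources into one seed, then expand it.

    Each source is prefixed with its index and length before it enters
    SHA-256, so ("ab", "") and ("a", "b") never give the same seed.
    Because the mixing is a hash, the seed is at least as unpredictable
    as the strongest single source: a weak or attacker-known extra source
    (e.g. a compromised RDRAND) cannot lower the quality of the result.
    """
    pool = hashlib.sha256()
    for index, data in enumerate(sources):
        pool.update(struct.pack(">IQ", index, len(data)))
        pool.update(data)
    seed = pool.digest()

    # One digest is 32 bytes; longer requests are served by hashing the
    # seed with a counter (expansion step chosen for this example).
    out = bytearray()
    counter = 0
    while len(out) < n_bytes:
        out += hashlib.sha256(seed + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(out[:n_bytes])


def collect_sources(extra=None):
    """Gather live sources: the OS CSPRNG plus timing and process data.
    'extra' is a hypothetical caller-supplied value (e.g. a registry value)."""
    sources = [
        os.urandom(32),                               # primary OS source
        struct.pack(">Q", time.time_ns()),            # wall-clock time
        struct.pack(">Q", time.perf_counter_ns()),    # high-resolution timer
        struct.pack(">I", os.getpid() & 0xFFFFFFFF),  # process id
    ]
    if extra is not None:
        sources.append(extra)
    return sources


def random_bytes(n_bytes, extra=None):
    """Produce n_bytes of output from the mixed sources."""
    return mix_entropy(collect_sources(extra), n_bytes)


if __name__ == "__main__":
    print(random_bytes(16).hex())
```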