Call for Paper - February 2021 Edition
IJCA solicits original research papers for the February 2021 Edition. Last date of manuscript submission is January 20, 2021. Read More

Windows and Linux Random Number Generation Process: A Comparative Analysis

International Journal of Computer Applications
© 2015 by IJCA Journal
Volume 113 - Number 8
Year of Publication: 2015
Khudran Alzhrani
Amer Aljaedi

Khudran Alzhrani and Amer Aljaedi. Article: Windows and Linux Random Number Generation Process: A Comparative Analysis. International Journal of Computer Applications 113(8):17-25, March 2015. Full text available. BibTeX

	author = {Khudran Alzhrani and Amer Aljaedi},
	title = {Article: Windows and Linux Random Number Generation Process: A Comparative Analysis},
	journal = {International Journal of Computer Applications},
	year = {2015},
	volume = {113},
	number = {8},
	pages = {17-25},
	month = {March},
	note = {Full text available}


In this paper, we explore and analyze the structure and functions of Random Number Generator (RNG) in Windows and Linux opreating systems. And compare the capabilities of their RNGs. It expected that this research would contribute to awareness of the quality and security of the random number generators implemented in Linux and Windows operating systems. It provides unbiased academic research in facilitating informed decision.


  • I. Goldberg and D. Wagner, "Randomness and the Netscape browser," Dr. Dobb's Journal, January 1996. [Online]. Available:http://www. cs. berkeley. edu/~daw/papers/ddj-netscape. html.
  • Z. Gutterman and D. Malkhi, "Hold Your Sessions: An Attack on Java Session-Id Generatio," in A. J. Menezes, (Ed. ): CT-RSA 2005, LNCS 3376, pp. 44–57, 2005. [Online]. Available:http://research. microsoft. com/pubs/64680/gm05. pdf.
  • CVE-2008-0166, "Debian generated SSH-Keys working exploit," [Online]. Available: http://www. securityfocus. com/archive/1/archive/1/492112/100/0/threaded
  • M. Howard, D. LeBlanc, Writing secure code, Second Ed, Microsoft Press, 2002.
  • M. Howard, D. Leblanc, and J. Viega. 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them. McGraw-Hill, New York City, NY, USA, 2009.
  • L. Dorrendorf, Z. Gutterman, and B. Pinkas. 2007. Cryptanalysis of the windows random number generator. In Proceedings of the 14th ACM conference on Computer and communications security (CCS '07). ACM, New York, NY, USA, 476-485. DOI=10. 1145/1315245. 1315304.
  • K. Lee, Y. Lee, J. Park, K. Yim, and I. You, "Security Issues on the CNG Cryptography Library (Cryptography API: Next Generation)," Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2013 Seventh International Conference on , pp. 709,713, July 2013.
  • Z. Gutterman and B. Pinkas, and T Reinman, "Analysis of the Linux random number generator," In IEEE Symposium on Security and Privacy (2006), IEEE Computer Society, pp. 371–385.
  • P. Lacharme, A. Röck, V. Strubel, and M. Videau, "The Linux pseudorandom number generator revisited," Cryptology ePrint Archive, Report 2012/251, 2012, [Online]. Available: http://eprint. iacr. org/2012/251. pdf
  • Y. Dodis, D. Pointcheval, S. Ruhault, D. Vergnaud, and D. Wichs, "Security Analysis of Pseudo-Random Number Generators with Input: /dev/random is not Robust," The 2013 ACM SIGSAC conference on Computer & communications security, pp. 647-658.
  • B. Barak and S. Halevi. A model and architecture for pseudo-random generation with applications to /dev/random. In ACM Conf. on Comp. and Communications Sec. - CCS 2005, pages 203–212, 2005.
  • Randomness Requirements for Security, RFC 4086, June 2005.
  • E. Barker and J. Kelsey. Recommendation for Random Number Generation Using Deterministic Random Bit Generators, NIST Special Publication 800-90A, January 2012.
  • Kernel Mode Cryptographic Primitives Library (CNG. SYS), v. 1. 1 , Security Policy for FIPS 140-2 Validation, July17, 2013.
  • Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program. NIST- Communication Security Established Canada. April,2014.
  • BitLocker® Windows OS Loader (WINLOAD), v. 1. 1 , Security Policy for FIPS 140-2 Validation , July17, 2013.
  • Intel Corporation. 2012. Intel Digital Random Number Generator (DRNG) Software Implementation Guide. [Online]. Available: http://software. intel. com/en-us/articles/inteldigital- random-number-generator-drng-softwareimplementation- guide. (Aug. 2012).
  • Cryptographic Primitives Library (BCRYPTPRIMITIVES. DLL), v. 1. 1 , Security Policy for FIPS 140-2 Validation , July17,2013.
  • Microsoft, "Cryptography API: Next Generation", Microsoft Developer Network . [Online]. Available: http://msdn. microsoft. com/enus/
  • Linux Cross Reference, [Online]. Available: http://lxr. free-electrons. com/source/drivers/char/random. c
  • M. Matsumoto and Y. Kurita. Twisted GFSR generators. ACM Transactions on Modeling and Computer Simulation, 2(3):179–194, 1992.
  • M. Matsumoto and Y. Kurita. Twisted GFSR generators II. ACM Transactions on Modeling and Computer Simulation, 4(3):254–266, 1994.
  • A. Suciu and T. Carean, "Benchmarking the True Random Number Generator of TPM Chips. " CoRRabs/1008. 2223 (2010) . [Online]. Available: http://arxiv. org/abs/1008. 2223.
  • T. Vuillemin, F. Goichon, C. Lauradoux, and G. Salagnac. " Entropy transfers in the Linux Random Number Generator". hal-00738638, version 1 - 4, 2012.
  • Linux programmer's Manual. [Online]. Available: http://man7. org/linux/man-pages/man4/random. 4. html