Every time I call `RAND_bytes` and `RAND_pseudo_bytes`, with the same seed, it returns different random numbers and I don't understand why. It said that the PRNG automatically seeds itself from `/dev/urandom` in Linux, but how does it work in Windows?

Why does the same seed lead to different random numbers?

jww
Xiphogod
  • See [Random Numbers](https://wiki.openssl.org/index.php/Random_Numbers) on the OpenSSL wiki, [Making openssl generate deterministic key](http://stackoverflow.com/q/22759465/608639) and [Do I need to seed any random number generator before using EVP_PKEY_keygen of OpenSSL?](http://stackoverflow.com/q/28537832/608639) – jww May 09 '17 at 15:17
  • @jww - Thank you for your help. If you have given a seed, does it still automatically seed itself? I mean, in which condition does it automatically seed itself (call `RAND_poll`)? – Xiphogod May 10 '17 at 00:54

1 Answer

Why does the same seed lead to different random numbers?

You can read about the general design of the rand subsystem at [Random Numbers](https://wiki.openssl.org/index.php/Random_Numbers) on the OpenSSL wiki. The reason the same seed produces different random numbers is...

It depends on the generator. If you are using the default generator, then you are using `md_rand`. If you look at the source code for [`md_rand.c`](https://github.com/openssl/openssl/blob/master/crypto/rand/md_rand.c), then you will see `rand_bytes` adds entropy at each invocation with system calls to functions like `time`.

On Linux `rand_bytes` also adds the result of `getpid`; and on Windows it adds the result of `GetSystemTime` and `SystemTimeToFileTime`.

Adding entropy at each invocation is a good design practice for RNGs. Also see *When Good Randomness Goes Bad: Virtual Machine Reset Vulnerabilities and Hedging Deployed Cryptography* and *When Virtual is Harder than Real: Security Challenges in Virtual Machine Based Computing Environments*.

jww
  • @Xiphogod - Please look at the source code to [`md_rand.c`](https://github.com/openssl/openssl/blob/master/crypto/rand/md_rand.c). It calls functions like "get process id" and "get time". It stirs the generator each time `RAND_bytes` is called. – jww May 10 '17 at 02:40
  • I have looked at the source code for `rand_bytes`. I only found `if (!initialized) { RAND_poll(); initialized = 1; }`. Does it add entropy with `RAND_poll`? – Xiphogod May 10 '17 at 02:40
  • @Xiphogod - The lettering in a blue font is a hyperlink. Follow the link for [`md_rand.c`](https://github.com/openssl/openssl/blob/master/crypto/rand/md_rand.c) and search for `time_t curr_time = time(NULL);`. – jww May 10 '17 at 02:42
  • Thank you very much. I found them in a later version. – Xiphogod May 10 '17 at 02:48
  • At first, I used OpenSSL 0.9.8o. I can't find where the time seed is added in `RAND_bytes`; it only adds the pid, but the same seed also leads to different random numbers. (I tried on Windows.) – Xiphogod May 10 '17 at 03:01
  • @Xiphogod - It sounds like you are on OS X, not Windows. If you are on OS X, then you will want to upgrade to get Elliptic Curve and TLS 1.2 goodies. Also see [Homebrew refusing to link OpenSSL](http://stackoverflow.com/q/38670295), [Update OpenSSL on OS X with Homebrew](http://stackoverflow.com/q/15185661), [How to install latest version of openssl Mac OS X El Capitan](http://stackoverflow.com/q/35129977), [How to upgrade OpenSSL in OS X?](http://apple.stackexchange.com/q/126830), [Openssl installation using HomeBrew fails](http://superuser.com/q/486389), etc. – jww May 10 '17 at 03:06
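
A simplified model of the behaviour the answer describes, added here as an illustration; it is not OpenSSL's code and not part of the original answer or comments. It shows why a generator that folds the process id and the current time into its state on every call gives different output for the same caller-supplied seed. The names `mix`, `stir_t`, `toy_rng`, `toy_seed`, `toy_next` and `first_output` are hypothetical, and FNV-1a is a non-cryptographic stand-in for the message digest `md_rand` uses.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/* FNV-1a: toy, non-cryptographic stand-in for md_rand's message digest. */
static uint64_t mix(uint64_t h, const void *p, size_t n) {
    const unsigned char *b = p;
    while (n--) { h ^= *b++; h *= 0x100000001b3ULL; }
    return h;
}

/* Per-call inputs named in the answer: process id and current time. */
typedef struct { long pid; long long now; } stir_t;
typedef struct { uint64_t state, counter; } toy_rng;

/* Caller-supplied seed, the role RAND_seed plays. */
void toy_seed(toy_rng *r, const char *seed) {
    r->state = mix(0xcbf29ce484222325ULL, seed, strlen(seed));
    r->counter = 0;
}

/* Return 8 output bytes. A non-NULL stir is folded into the state first,
   so the output depends on more than the seed. */
uint64_t toy_next(toy_rng *r, const stir_t *stir) {
    if (stir) {
        r->state = mix(r->state, &stir->pid, sizeof stir->pid);
        r->state = mix(r->state, &stir->now, sizeof stir->now);
    }
    r->counter++;
    r->state = mix(r->state, &r->counter, sizeof r->counter);
    return mix(r->state, "out", 3);   /* do not hand out the raw state */
}

/* Seed a fresh generator and return its first output. */
uint64_t first_output(const char *seed, const stir_t *stir) {
    toy_rng r;
    toy_seed(&r, seed);
    return toy_next(&r, stir);
}

int main(void) {
    stir_t live = { (long)getpid(), (long long)time(NULL) };
    printf("seed only:     %016llx\n", (unsigned long long)first_output("same seed", NULL));
    printf("seed+pid+time: %016llx\n", (unsigned long long)first_output("same seed", &live));
    return 0;
}
```

Run twice, the "seed only" line repeats exactly, while the "seed+pid+time" line changes whenever the pid or the clock value does.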