Using OneRNG to affect Windows entropy

redneonglow danq at runbox.com
Wed Aug 22 03:05:17 BST 2018 

(adapted from my post on the TrueRNG forum, https://ubld.it/forums/topic/feeding-windows-entropy-pool/#post-2146)

According to these three links:

https://stackoverflow.com/questions/22150896/is-it-possible-to-add-entropy-from-a-hardware-rng-to-the-windows-cryptoapi

https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1328.pdf

https://msdn.microsoft.com/en-us/library/windows/desktop/aa375458.aspx

…it was once possible for developers to incorporate additional sources of entropy, but this was discontinued in Windows 8 and later, in favor of a TPM.

There are, however, sources of entropy in addition to a TPM (or when a TPM is unavailable). Microsoft is vague as to how these sources are used or to what extent each source is taken into account. It would appear that this is per-application rather than a single /dev/random

Reading those articles, it would seem that a Windows equivalent of rngd, using OneRNG hardware, could affect entropy per-application in the following ways:

* Incrementing the serial port count by 1
* Occasionally writing random amounts of OneRNG-generated random bytes to memory (and/or the page file), using a random amount of threads
* Adding one or more OneRNG-generated nonsense environment variables to the system that occasionally change
* The fact that a program exists doing all this

Something like this would be interesting. Unfortunately it would be tough to prove how/if it has any effect.

--

I have developed a way of achieving this, which involves randomly pulling data using fileGen from the WinOneRNG tools, stripping it of all non-alphanumeric characters using tr from GnuWin32 coreutils, and using setx to create 10 variables %ONERNG0% through %ONERNG9% which apply to each subsequently loaded program. I set Task Scheduler to do this every 15 minutes.

However, I am not sure whether I should publish it on Github as it involves a batch file packed in an executable. I submitted it to VirusTotal and is was detected and deleted by a number of antivirus programs including McAfee.

The reason the batch file needs to be packed in an executable, is that there does not seem to be any other way to get setx to work with Task Scheduler that doesn't include popping up a command window.

Bat To Exe (mirror of older version, the original is now paywalled by a captcha-like browser cryptominer): https://github.com/tokyoneon/B2E
GnuWin32 coreutils v5.3.0: http://gnuwin32.sourceforge.net/packages/coreutils.htm

Would anyone be interested in seeing this, either me uploading it through Browse or on Github?

More information about the Discuss mailing list