Cryptanalysis of the Random Number Generator of the Windows Operating System

The Pseudo-Random Number Generator (PRNG) used by the Windows operating system is the most commonly used PRNG. The pseudo-randomness of the output of this generator is crucial for the security of almost any application running in Windows. Nevertheless, its exact algorithm was never published. The authors examined the binary code of a distribution of Windows 2000, which is still the second most popular operating system after Windows XP. (This investigation was done without any help from Microsoft.) They reconstructed, for the first time, the algorithm used by the pseudo-random number generator (namely, the function CryptGenRandom).