CSPRNGs

A cryptographically secure pseudorandom number generator (CSPRNG) is a pseudorandom number generator designed to withstand cryptographic analysis and attack. Its outputs should be indistinguishable from true randomness and unpredictable to any efficient adversary, even one who has observed earlier outputs, and a later compromise of the internal state should not reveal outputs produced before it. CSPRNGs are used to generate keys, nonces, initialization vectors, and other values whose predictability could compromise security. They differ from ordinary PRNGs in that their security relies on cryptographic hardness rather than statistical properties alone: a statistically excellent generator such as the Mersenne Twister can still have its entire state recovered from a modest number of outputs, after which every future value is known.
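The distinction matters in practice. The following added example (not part of the original page) recovers the full state of Python's `random` module, a Mersenne Twister (MT19937), from 624 observed 32-bit outputs by inverting its tempering function, then predicts the victim's next values exactly. The victim seed (12345) and the observed outputs are constructed locally for the demonstration; the `secure_token` helper at the end shows the call a practitioner should use instead.

```python
import random
import secrets

MASK32 = 0xFFFFFFFF


def temper(y: int) -> int:
    """MT19937 output tempering, exactly as applied to each raw state word."""
    y ^= y >> 11
    y ^= (y << 7) & 0x9D2C5680
    y ^= (y << 15) & 0xEFC60000
    y ^= y >> 18
    return y & MASK32


def _undo_right_shift_xor(y: int, shift: int) -> int:
    # Invert x ^= x >> shift. Iterating the recurrence converges from the top bits down;
    # 32 rounds is more than enough for any shift >= 1.
    x = y
    for _ in range(32):
        x = y ^ (x >> shift)
    return x & MASK32


def _undo_left_shift_xor_and(y: int, shift: int, mask: int) -> int:
    # Invert x ^= (x << shift) & mask. Converges from the low bits up.
    x = y
    for _ in range(32):
        x = y ^ ((x << shift) & mask)
    return x & MASK32


def untemper(y: int) -> int:
    """Inverse of temper(): recovers the raw state word from one 32-bit output."""
    y = _undo_right_shift_xor(y, 18)
    y = _undo_left_shift_xor_and(y, 15, 0xEFC60000)
    y = _undo_left_shift_xor_and(y, 7, 0x9D2C5680)
    y = _undo_right_shift_xor(y, 11)
    return y


def clone_mt(outputs: list[int]) -> random.Random:
    """Build a Random instance that continues the stream of the generator that produced
    `outputs`. Exactly 624 consecutive getrandbits(32) results are required: that is one
    full state array, and CPython's getrandbits(32) returns the raw tempered word."""
    if len(outputs) != 624:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    state = tuple(untemper(o) for o in outputs)
    clone = random.Random()
    # setstate format: (version, 624 state words + index, gauss_next).
    # Index 624 forces a twist on the next call, matching the victim's position.
    clone.setstate((3, state + (624,), None))
    return clone


def demo(seed: int = 12345, lookahead: int = 10) -> bool:
    """Constructed victim: observe 624 outputs, clone, and check the next `lookahead`
    predictions against what the victim actually produces. Returns True on a perfect match."""
    victim = random.Random(seed)
    observed = [victim.getrandbits(32) for _ in range(624)]
    predictor = clone_mt(observed)
    predictions = [predictor.getrandbits(32) for _ in range(lookahead)]
    actual = [victim.getrandbits(32) for _ in range(lookahead)]
    return predictions == actual


def secure_token(nbytes: int = 32) -> bytes:
    """What to use for keys and tokens: secrets/os.urandom, backed by the OS CSPRNG."""
    return secrets.token_bytes(nbytes)


if __name__ == "__main__":
    print("Mersenne Twister state recovered, future predicted:", demo())
```

The attack needs no seed and no timing information, only 624 raw outputs, which is why `random` (and `rand()`, `java.util.Random`, and similar) must never be used for anything an attacker can observe and then exploit.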

CSPRNGs typically combine a cryptographic primitive with an entropy source. The primitive (a block cipher, hash function, or HMAC) expands a seed into an arbitrarily long output stream, and fresh entropy is mixed in through reseeding to maintain security over the generator's lifetime. Common constructions include the deterministic random bit generators (DRBGs) defined in NIST SP 800-90A: Hash_DRBG, HMAC_DRBG, and CTR_DRBG. (The original 2006 edition also specified Dual_EC_DRBG, which was withdrawn in Revision 1 after it was shown that whoever chose its elliptic-curve constants could predict its output.) Fortuna and Yarrow are historical designs that influenced modern implementations. Implementations usually seed from operating system entropy pools or hardware random number generators, and may perform health checks or entropy estimation on the source before reseeding.

Security properties of CSPRNGs include unpredictability and forward secrecy (in SP 800-90 terms, backtracking resistance): past outputs remain unrecoverable even if the internal state is later compromised. The complementary property, prediction resistance, requires that an attacker who has captured the state cannot predict future outputs. A deterministic generator can only provide this by reseeding with fresh entropy after the compromise, since from a known state every output up to the next reseed is computable. Together these properties limit state compromise extension attacks, in which an attacker who gains state access leverages it to derive outputs produced before or after the compromise. Practical concerns include the quality of entropy, the frequency of reseeding, and protection against flawed implementations or biased inputs.

Examples and standards: widely used systems include the DRBGs in OpenSSL, the Windows CNG/CAPI RNG, and the Linux kernel entropy pool exposed through /dev/urandom and the getrandom(2) system call. One caveat: /dev/urandom never blocks, so reading it very early in boot, before the kernel has gathered enough entropy to initialize its pool, can return predictable output; getrandom(2) without GRND_NONBLOCK waits for initialization and is the preferred interface. Guidance and standardization are provided by NIST SP 800-90A (DRBG mechanisms), 800-90B (entropy sources), and 800-90C (constructions combining them), and by related FIPS publications.
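To make the construction, the reseeding rule, and the two resistance properties discussed above concrete, the following added example (not from the original page, and not OpenSSL's or any other library's code) implements HMAC_DRBG from SP 800-90A over HMAC-SHA-256, with instantiate, reseed, and generate following the specification's update function. The `demo` function then shows what the prose claims: the same seed gives the same stream, an attacker holding the state predicts every future output, and a reseed with fresh entropy breaks that prediction. The entropy input in `demo` is a constructed constant for reproducibility; in real use it must come from an approved source such as `os.urandom`.

```python
import hashlib
import hmac
import os


class HmacDrbg:
    """HMAC_DRBG (NIST SP 800-90A) instantiated with HMAC-SHA-256."""

    OUTLEN = 32                 # SHA-256 output length in bytes
    RESEED_INTERVAL = 1 << 48   # generate() calls allowed before a reseed is mandatory
    MAX_REQUEST = 1 << 16       # bytes per generate() call (spec limit is 2^19 bits)

    def __init__(self, entropy: bytes, nonce: bytes = b"", personalization: bytes = b""):
        if len(entropy) < self.OUTLEN:
            raise ValueError("entropy input must supply at least 256 bits")
        # Instantiate: K = 0x00..00, V = 0x01..01, then update with the seed material.
        self.K = b"\x00" * self.OUTLEN
        self.V = b"\x01" * self.OUTLEN
        self._update(entropy + nonce + personalization)
        self.reseed_counter = 1

    @classmethod
    def from_state(cls, K: bytes, V: bytes, reseed_counter: int) -> "HmacDrbg":
        """Rebuild a generator from a captured (K, V, counter): what an attacker does."""
        obj = cls.__new__(cls)
        obj.K, obj.V, obj.reseed_counter = K, V, reseed_counter
        return obj

    @staticmethod
    def _hmac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided_data: bytes) -> None:
        # HMAC_DRBG_Update: the one-way step that gives backtracking resistance.
        self.K = self._hmac(self.K, self.V + b"\x00" + provided_data)
        self.V = self._hmac(self.K, self.V)
        if provided_data:
            self.K = self._hmac(self.K, self.V + b"\x01" + provided_data)
            self.V = self._hmac(self.K, self.V)

    def reseed(self, entropy: bytes, additional: bytes = b"") -> None:
        if len(entropy) < self.OUTLEN:
            raise ValueError("reseed entropy must supply at least 256 bits")
        self._update(entropy + additional)
        self.reseed_counter = 1

    def generate(self, n: int, additional: bytes = b"") -> bytes:
        if n > self.MAX_REQUEST:
            raise ValueError("request exceeds max_number_of_bits_per_request")
        if self.reseed_counter > self.RESEED_INTERVAL:
            raise RuntimeError("reseed required before further output")
        if additional:
            self._update(additional)
        out = b""
        while len(out) < n:
            self.V = self._hmac(self.K, self.V)
            out += self.V
        self._update(additional)      # advance state so this output cannot be recomputed
        self.reseed_counter += 1
        return out[:n]


def demo() -> tuple[bool, bool, bool]:
    """Returns (deterministic, state_capture_predicts_future, reseed_restores_security)."""
    entropy = bytes(range(32))    # constructed constant; real code uses os.urandom(32)
    a = HmacDrbg(entropy, nonce=b"nonce", personalization=b"example")
    b = HmacDrbg(entropy, nonce=b"nonce", personalization=b"example")
    deterministic = a.generate(48) == b.generate(48)

    # Attacker captures a's working state after the first output.
    clone = HmacDrbg.from_state(a.K, a.V, a.reseed_counter)
    predicts_future = clone.generate(32) == a.generate(32)

    # Prediction resistance only returns once a reseeds with entropy the attacker lacks.
    a.reseed(os.urandom(32))
    reseed_helps = a.generate(32) != clone.generate(32)
    return deterministic, predicts_future, reseed_helps


if __name__ == "__main__":
    print(demo())   # (True, True, True)
```

Note what the demo cannot show: from the captured state the attacker gets every future output up to the reseed, but the earlier 48 bytes stay out of reach because `_update` ran after they were produced and HMAC is one-way. That asymmetry is exactly the difference between backtracking resistance, which the construction provides by itself, and prediction resistance, which depends on the reseeding policy.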