但请注意,现在,开发人员可以/应该使用来自CNG(Cryptography API：Next Generation)的BCryptGenRandom,它是CryptoAPI的替代品.但BCryptGenRandom不支持任何输入缓冲区作为额外的熵,无论如何从Windows 8及更高版本……

我想这是微软的安全设计决定.他们不想支持“不受信任”的熵源,因为这对系统至关重要.

这是一个有趣的文档Microsoft Windows 7 Kernel Mode Cryptographic Primitives Library (cng.sys) Security Policy Document,列出了如何构建Windows熵池(我缩短了很多项,因此它是可读的)：

The Windows entropy pool is populated by periodically gathering random
bits from the Trusted Platform Module (TPM) when present,as well as
by periodically querying the values of the following OS variables:

• The process ID of the currently running process
• The thread ID of the currently running thread
• A 32-bit tick count since the system boot
• The current local date and time
• The current system time of day information consisting of […]
• The current hardware-platform-dependent high-resolution performance-counter value
• The information about the system’s current usage of both physical and virtual memory […]
• The system device information consisting of […]
• The local disk information including […]
• A hash of the environment block for the current process
• Some hardware cpu-specific cycle counters
• The system file cache information consisting of […]
• The system processor power information consisting of […]
• The system page file information consisting of […]
• The system processor idle information consisting of Idle Time
• The system processor performance information consisting of […]
• The system exception information consisting of […]
• The system look-aside information consisting of […]
• The system processor performance information consisting of […]
• The system interrupt information consisting of […]
• The system process information consisting of […]

它还列出了cng.sys支持的3种方法EntropyRegisterSource,EntropyUnregisterSource和EntropyProvideData.

我想使用它们可以工作,但它们没有在MSDN上记录(自从这篇文档是在2013年编写后它可能已经改变了,但是在我的Windows 10盒子里,cng.sys有3种方法加上EntropyPoolTriggerReseedForIum
和EntropyRegisterCallback …),这可能意味着微软不支持它们.

另外,您必须编写内核驱动程序(cng.sys是内核驱动程序),这与安全性含义一致：您需要成为管理员才能安装它.