LibreCrypt: Open-Source disk encryption for Windows

The latest version of this document can be found at the LibreCrypt project site

Technical Details: Random Number Generators (RNGs)

LibreCrypt offers a choice of four different random number generators (RNGs) for use when creating new containers:

1. Microsoft CryptoAPI
2. Mouse movement
3. cryptlib
4. PKCS#11 tokens

Whichever one is selected must produce 4096 bits (512 bytes) of cryptographically secure random numbers. This random data is used in three ways:

1. As the master key used for encrypting/decrypting your data
2. For salting
3. As random "padding" to make up otherwise unused space within the LibreCrypt's critical data block. (See volume layout documentation for further details)

If more than one RNG is selected, their output will be combined (XOR'd together) and the resulting data used. In this way, the random data generated will never be weaker than the strongest selected RNG.

The Microsoft CryptoAPI is used to generate random data.

This relies on the user "waggling" the mouse in a random fashion to generate random data.

Every 100ms the mouse pointer is checked. If it has moved significantly, then the X and Y coordinates of the mouse pointer are sampled, and the LSB of each is added to the random data collected.

Due to the volume of random data required, and the fact that only 2 bits of random data are collected for each mouse position sampled, this is a relatively slow process.

cryptlib is used to generate random data.

Note: This option is only available if cryptlib (cl32.dll) is installed; see the cryptlib web site for further details and download.

If you have a security token or smartcard, this may be used as a RNG.

See the Security Token/Smartcard Support section for more information on setting up and using PKCS#11 tokens.