What is the theoretical period of BCryptGenRandom function?

Question

I'm trying to use the function BCryptGenRandom defined in the bcrypt.h header file. However, I cannot find information about the security properties of this function.

What is the theoretical period of BCryptGenRandom function?

MSDN does not seem to provide this information.

Answer 1

Microsoft :

The default random number provider implements an algorithm for generating random numbers that complies with the NIST SP800-90 standard, specifically the CTR_DRBG portion of that standard.

NIST :

The seed used to instantiate the DRBG must contain sufficient entropy to provide an assurance of randomness. If the seed is kept secret, and the algorithm is well designed, the bits output by the DRBG will be unpredictable, up to the instantiated security strength of the DRBG.

CTR_DRBG uses an approved block cipher algorithm in the counter mode

We expect maximum number of bits output from CTR_DRBG is equal to the 2^blocksize. Interestingly, Campagna shows that we cannot distinguish the output of CTR_DRBG from a true random number generator

The NIST codebook-based deterministic random bit generators are analyzed in the context of being indistinguishable from random. Upper and lower bounds based on the probability of distinguishing the output are proven. These bounds imply that the security of the designs are bounded by the codebook width, or more precisely on the property that the codebooks act like a random permutation, as opposed to their underlying security parameter or key length. This paper concludes that these designs fail to support security parameters larger than the codebook width.