Sources of (pseudo)randomness in ASLR

Just a couple of ASLR related questions:

1. What sorts of (pseudo)random number generators are usually used for ASLR?

2. Could some of the ones used in cryptography - e.g. Blowfish's key generator - be of use for randomizing memory allocations?

(Also, am I making sense?)

 

It's just a few bits of entropy - it works by allocating memory to the location that the program would normally allocate, and to avoid a collision it then allocates to a new area.

Not sure what's behind it, or how the address is generated, but it's handled natively by windows.

Realizing that you're talking about ASLR and not PseudoASLR.

I can't speak for Windows, but on Linux I believe entropy is gathered from various sources. It depends on whether it uses random or urandom. But things like mouse movements and key presses will increase entropy.

 

Ah, I was thinking it would use pseudorandom numbers. My thought was that maybe a higher quality pseudorandom number generator could make it more powerful.

 

It does. But the generator needs to be seeded by different sources. A better generator would lead to better ASLR.