Anton Stiglic wrote:
There is some detail in the FIPS 140 security policy of Microsoft's
cryptographic provider, for Windows XP and Windows 2000. See for example
http://csrc.nist.gov/cryptval/140-1/140sp/140sp238.pdf
where they say the RNG is based on FIPS 186 RNG using SHS. The seed is
based on
Been there, done that...
http://csrc.nist.gov/cryptval/140-1/1401val2001.htm#138
Win95 Win98 are pretty programs running on DOS.
I've generally taken FIPS 140-1 level 1 to be about whether you got the
software right, not whether it protects secrets. Level 2 only relies on
TCSEC or Common
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ed Gerck
Sent: 10 août 2004 13:42
To: [EMAIL PROTECTED]
Subject: Re: Microsoft .NET PRNG (fwd)
The PRNG should be the least concern when using MSFT's cryptographic
provider. The MSFT report 140sp238.pdf
There is some detail in the FIPS 140 security policy of Microsoft's
cryptographic provider, for Windows XP and Windows 2000. See for example
http://csrc.nist.gov/cryptval/140-1/140sp/140sp238.pdf
where they say the RNG is based on FIPS 186 RNG using SHS. The seed is
based on the collection of
The PRNG should be the least concern when using MSFT's cryptographic
provider. The MSFT report 140sp238.pdf says:
RSAENH stores keys in the file system, but relies upon Microsoft
Windows XP for the encryption of the keys prior to storage.
Not only RSAENH writes keys to a
Forwarded here as the original forum is having no success.
[...]
I'm looking for the same information. I want to know which method does MS
Crypto API use in order to obtain strong random seeds.
This is cross-posted back to the original list (with snippets from various
postings) to try and tie
Forwarded here as the original forum is having no success. IIRC, Matt
Blaze examined the early CrptoAPI and associated PRNG, but I can't seem to
find the post/article that I am thinking of.
--
Yours,
J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF
...justice is a duty towards those whom you
