Forwarded here as the original forum is having no success. IIRC, Matt Blaze examined the early CrptoAPI and associated PRNG, but I can't seem to find the post/article that I am thinking of.
-- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF "...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden - - - "There aught to be limits to freedom!" George Bush - - - Which one scares you more? ---------- Forwarded message ---------- Date: Fri, 30 Jul 2004 10:52:12 -0300 From: Pablo Milano <[EMAIL PROTECTED]> To: 'Yvan Boily' <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED] Subject: RE: Microsoft .NET PRNG I'm looking for the same information. I want to know which method does MS Crypto API use in order to obtain "strong" random seeds. The most in-deep information about this I could find was http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/s ecurity/cpgenrandom.asp. Anyway, I'm still not sure if what is explained there is what the function SHOULD do, or what the function ACTUALLY DOES. Any help would be appreciated. Regards. > -----Mensaje original----- > De: Yvan Boily [mailto:[EMAIL PROTECTED] > Enviado el: Miércoles, 28 de Julio de 2004 04:40 p.m. > Para: [EMAIL PROTECTED] > Asunto: Microsoft .NET PRNG > > > I have read both FoundStone's and @Stakes reviews of the PRNG > included with > the Microsoft .NET 1.1 framework (also the Win32 CryptoAPI) , > however there > is little information available (that I have been able to locate) that > discusses the actual method used, or an analysis of how > reliable it is from > a cryptographic perspective. > > I don't profess to be expert enough on random number generation and > cryptography to criticize the implementation, however I would > like to know > more about it as most code samples I have seen and now an > application I am > auditing is relying extensively on the CryptoAPI to provide > facilities for > random key generation. > > Does anyone have any technical resources which discuss concerns or > commendations of the implementation? > > Regards, > > Yvan Boily > > --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]