On Dec 2 00:45, Steven Reddie wrote: > That's an interesting blog article. The 2nd comment is by the author and > lists the entropy sources. I recall there was discussion on this list quite > some time ago where it was stated that OpenSSL wouldn't use only the > CryptoAPI random number generator since Microsoft hadn't provided details of > how the entropy was gathered. Perhaps the information in that post provides > enough detail to warrant dropping all of the heap walking guff that has been > known to trip up OpenSSL on occasion. > > Adria, RAND_poll already calls CryptGenRandom doesn't it? You could > probably just comment out all of the other code to get the same result.
I'm wondering about this anyway. While the exact code of CryptGenRandom isn't open source, MSDN has a quite extensive description how the random numbers are generated by CryptGenRandom, see the Remarks section in http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/cryptgenrandom.asp which also talks about the entropy sources used. Corinna -- Corinna Vinschen Cygwin Project Co-Leader Red Hat, Inc. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]