RE: Alternate RAND_poll for XP/2003 Server/Vista

Thu, 01 Dec 2005 18:39:14 -0800 

Two sentences after that one are these:

        "To form the seed for the random number generator, a calling
application supplies bits
        it might have-for instance, mouse or keyboard timing input-that are
then added to both
        the stored seed and various system data and user data such as the
process ID and thread ID,
        the system clock, the system time, the system counter, memory
status, free disk clusters,
        the hashed user environment block. This result is SHA-1 hashed, and
the output is used to seed
        an RC4 stream, which is then used as the random stream and used to
update the stored seed."

So although all processes access the same PRNG it seems that there is
provision to "mix it up" a little.

I imagine that an installed Cryptographic Provider could provide its own
PRNG and Windows could be configured to use that instead.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Corinna Vinschen
Sent: Friday, 2 December 2005 7:59 AM
To: openssl-dev@openssl.org
Subject: Re: Alternate RAND_poll for XP/2003 Server/Vista

On Dec  1 12:43, Rick Jones wrote:
> Corinna Vinschen wrote:
> >I'm wondering about this anyway.  While the exact code of 
> >CryptGenRandom isn't open source, MSDN has a quite extensive 
> >description how the random numbers are generated by CryptGenRandom, 
> >see the Remarks section in 
> >http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secc
> >rypto/security/cryptgenrandom.asp
> >which also talks about the entropy sources used.
> 
> Being otherwise blissfully ignorant of things Windows, does this 
> snippet from the URL above:
> 
> "With Microsoft CSPs, CryptGenRandom uses the same random number 
> generator used by other security components."
> 
> imply that CryptGenRandom might be satisfied by code other than that 
> from Microsoft described in the URL above?

You omited the next sentence:

"This allows numerous processes to contribute to a system-wide seed."

I understand this as "every process using one of the Microsoft CSPs will
internally access the same random number generator."  As if, say, every
process uses /dev/random on Linux.


Corinna

--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat, Inc.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to