yeah, I keep hearing about this. Some questions come to mind... wasn't one of these MS RNG's tested via FIPS at some point?
what's the logic in concluding Win2k and WinXP and Vista have different RNG's? is this really the end of the world? I mean, is there some specific attack? is there a proof-of-concept code snippet that breaks (ssl, ipsec, smime, code signing, ...) something in windows? why, if win2k is essentially end-of-life, would they not check windows xp? this makes me question their methodology. Jeffrey Altman wrote: > This paper justifies the decision not to rely on the Windows Random > Number Generator. > > http://eprint.iacr.org/2007/419.pdf ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
