Someone added code to CryptGenRandom so that it generates
very bad random data (with <10 bits of randomness in it).

Don't do that.  It's a known security risk.

Read from /dev/urandom instead.  If that does not succeed, just
abort().

Linux and newer Solaris have /dev/urandom.  I would guess the
BSDs have it too.

Morten

