Shachar Shemesh <[EMAIL PROTECTED]> writes: >> *CPGenRandom* is one of the more difficult functions to implement >> correctly, and it must be done correctly to maintain the security of >> a CSP. *CPGenRandom* is used internally by the *CPGenKey* >> <http://msdn.microsoft.com/library/en-us/seccrypto/security/cpgenkey.asp> >> function, as well by applications when generating data items used in >> cryptographic protocols such as challenge strings. A CSP is not >> producing message security if values of the cryptographic keys or >> challenge strings produced by a CSP are predictable. > > The way I read it, the rest of the discussion further enhances this > point. They are basically saying that the seed should be taken from a > hardware device, if one is available.
This is *exactly* what /dev/urandom does. -- Alexandre Julliard [EMAIL PROTECTED]
