[15864] in cryptography@c2.net mail archive
RE: Microsoft .NET PRNG (fwd)
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Mon Aug  2 10:55:51 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@metzdowd.com, measl@mfn.org
Cc: secprog@securityfocus.com
In-Reply-To: <20040731104757.J2483@ubzr.zsa.bet>
Date: Mon, 02 Aug 2004 16:44:27 +1200
>Forwarded here as the original forum is having no success.
>
>[...]
>
>I'm looking for the same information. I want to know which method does MS
>Crypto API use in order to obtain "strong" random seeds.
This is cross-posted back to the original list (with snippets from various
postings) to try and tie up the loose ends:
>Peter Gutmann's paper on randomness describes the algorithms used, at least
>in some/most versions. It's possible it's been changed at some recent point
>in time. You can find it here: http://www.cypherpunks.to/~peter/06_random.pdf.
That's based on what was known of the CAPI PRNG at the time, there's a more
up-to-date version of that in "Cryptographic Security Architecture Design and
Verification", but that also predates the most recent information on the
generator, which is the second edition (not the first) of "Writing Secure
Code" by Michael Howard and David LeBlanc.  It also appears that the generator
itself has changed somewhat over time, with more recent versions being rather
better than the earlier ones.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com