[15893] in cryptography@c2.net mail archive
RE: Microsoft .NET PRNG (fwd)
daemon@ATHENA.MIT.EDU (Anton Stiglic)
Thu Aug 12 16:56:39 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Anton Stiglic" <astiglic@okiok.com>
To: "'Ed Gerck'" <egerck@nma.com>, <cryptography@metzdowd.com>
Date: Wed, 11 Aug 2004 23:44:23 -0400
In-Reply-To: <411908F5.6000209@nma.com>
-----Original Message-----
From: owner-cryptography@metzdowd.com
[mailto:owner-cryptography@metzdowd.com] On Behalf Of Ed Gerck
Sent: 10 ao=FBt 2004 13:42
To: cryptography@metzdowd.com
Subject: Re: Microsoft .NET PRNG (fwd)
>The PRNG should be the least concern when using MSFT's cryptographic
>provider. The MSFT report 140sp238.pdf says:
>
> RSAENH stores keys in the file system, but relies upon Microsoft
> Windows XP for the encryption of the keys prior to storage.
Yes that's true. The security policy explains that the safeguarding of
private keys is done outside the crypto boundary. (as someone mentioned =
to
me in personal email you need to have a look at the fine print of such
accreditations, this is an example of a fine print).
Note however that the OS uses the crypto provider to encrypt the private =
key
using a secret that is generated based on (or protected by a key =
generated
based on, don't remember off the top of my head) the user's password.
The strength of the system is based on the user's Windows password, =
which I
think is reasonable (anyone who can login as the user can use his =
private
keys, stored in his container, anyways)...
--Anton
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
