[15916] in cryptography@c2.net mail archive
RE: Microsoft .NET PRNG (fwd)
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Mon Aug 16 15:07:06 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: astiglic@okiok.com, measl@mfn.org
Cc: cryptography@metzdowd.com
In-Reply-To: <20040810032039.03D35B4072@mail.okiok.com>
Date: Mon, 16 Aug 2004 17:10:00 +1200
"Anton Stiglic" <astiglic@okiok.com> writes:
>There is some detail in the FIPS 140 security policy of Microsoft's
>cryptographic provider, for Windows XP and Windows 2000.
As I've said in a previous post, the best documentation for the RNG is in
"Writing Secure Code (2nd ed)". The main purpose of the CryptoAPI FIPS 140
documentation is to document an active penetration attack on the FIPS 140
certification process (I could get an 8086 MSDOS machine FIPS 140 certified
[0] using their methodology).
Peter.
[0] If anyone would like to fund, please get in touch :-).
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
