Richard Levitte - VMS Whacker wrote:
>
> From: "Penney, Jason" <[EMAIL PROTECTED]>
>
> jason.penney> The new generation of Pentiums coming out on the market
> jason.penney> have a genuine (hardware) RNG built into them.
> jason.penney>
> jason.penney> On Windows, at least, let the CryptoAPI initialize the
> jason.penney> random number generator. TODO: when the new Pentiums
> jason.penney> are widespread, they should be used in place of md_rand
> jason.penney> for RNG in all cases...
>
> That sounds fine, but do we know how trustable that RNG is?
>
Ulf has already added some patches to make use of the Pentium PRNG under
Windows if the right CSP has been added.
As for using the CryptoAPI PRNG anyway, that depends on the details of
its operation. Information from Microsoft is that new versions (Win2K)
are FIPS 186 compatible and older ones used a proprietary technique.
There is no mention of how it seeds the PRNG and there has been no reply
to such queries.
No doubt conspiracy theorists can come up with their own ideas as to why
no details have been released...
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
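The thread leaves Richard's question ("do we know how trustable that RNG is?") open. One check a practitioner can actually run, independent of whatever Microsoft or Intel disclose about seeding, is the FIPS 140-1 power-up statistical tests on a 20,000-bit sample of the source's output before accepting it as seed material. The example below is an added illustration, not code from OpenSSL, Ulf's patches, Microsoft or Intel; it pulls the sample from CryptGenRandom on Windows and from /dev/urandom elsewhere (the /dev/urandom path is an assumption for running it off Windows), and applies the monobit, poker and long-run tests with the FIPS 140-1 thresholds, which the thread does not mention. The function names and the constructed skewed sample used to exercise the tests are the example's own.

```c
/* Added example: gather seed bytes from the platform RNG and run the
 * FIPS 140-1 power-up tests (monobit, poker, long-run) before trusting them.
 * Not OpenSSL or CryptoAPI code; helper names are this example's own. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else
#include <fcntl.h>
#include <unistd.h>   /* assumed POSIX fallback: /dev/urandom */
#endif

#define SAMPLE_BITS  20000
#define SAMPLE_BYTES (SAMPLE_BITS / 8)

/* Fill buf[0..len) from the platform RNG. Returns 1 on success, 0 on failure. */
int os_random_bytes(unsigned char *buf, size_t len)
{
#ifdef _WIN32
    HCRYPTPROV prov;
    BOOL ok;
    if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
        return 0;
    ok = CryptGenRandom(prov, (DWORD)len, buf);
    CryptReleaseContext(prov, 0);
    return ok ? 1 : 0;
#else
    int fd = open("/dev/urandom", O_RDONLY);
    size_t got = 0;
    if (fd < 0)
        return 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n <= 0) { close(fd); return 0; }
        got += (size_t)n;
    }
    close(fd);
    return 1;
#endif
}

/* Monobit test: count of one bits in 20,000 bits must satisfy 9654 < X < 10346. */
int fips_monobit_ok(const unsigned char *buf)
{
    unsigned ones = 0;
    size_t i;
    for (i = 0; i < SAMPLE_BYTES; i++) {
        unsigned char b = buf[i];
        while (b) { ones += b & 1; b >>= 1; }
    }
    return ones > 9654 && ones < 10346;
}

/* Poker statistic over 5000 4-bit values: X = (16/5000) * sum(f[i]^2) - 5000.
 * FIPS 140-1 passes when 1.03 < X < 57.4 (too skewed AND too uniform both fail). */
double fips_poker_stat(const unsigned char *buf)
{
    unsigned long f[16] = {0}, sumsq = 0;
    size_t i;
    for (i = 0; i < SAMPLE_BYTES; i++) {
        f[buf[i] >> 4]++;
        f[buf[i] & 0x0f]++;
    }
    for (i = 0; i < 16; i++)
        sumsq += f[i] * f[i];
    return (16.0 * (double)sumsq) / 5000.0 - 5000.0;
}

int fips_poker_ok(const unsigned char *buf)
{
    double x = fips_poker_stat(buf);
    return x > 1.03 && x < 57.4;
}

/* Long-run test: any run of 34 or more identical bits fails the sample. */
int fips_longrun_ok(const unsigned char *buf)
{
    unsigned run = 0, prev = 2;
    size_t i;
    int k;
    for (i = 0; i < SAMPLE_BYTES; i++) {
        for (k = 7; k >= 0; k--) {
            unsigned bit = (buf[i] >> k) & 1;
            run = (bit == prev) ? run + 1 : 1;
            prev = bit;
            if (run >= 34)
                return 0;
        }
    }
    return 1;
}

/* Gather a 20,000-bit sample; return 1 only if the source worked and all
 * three tests pass. On 0 the caller should not seed from this source. */
int gather_checked_seed(unsigned char out[SAMPLE_BYTES])
{
    if (!os_random_bytes(out, SAMPLE_BYTES))
        return 0;
    return fips_monobit_ok(out) && fips_poker_ok(out) && fips_longrun_ok(out);
}

/* Constructed (non-random) sample for exercising the tests: nibble values
 * 0..7 appear 340 times each, 8..15 appear 285 times each, in a fixed order. */
void make_skewed_sample(unsigned char out[SAMPLE_BYTES])
{
    size_t i;
    memset(out, 0, SAMPLE_BYTES);
    for (i = 0; i < 2 * SAMPLE_BYTES; i++) {
        unsigned nib = (i % 625 < 340) ? (unsigned)(i % 8) : 8 + (unsigned)(i % 8);
        out[i / 2] |= (unsigned char)(nib << ((i % 2) ? 0 : 4));
    }
}

int main(void)
{
    unsigned char seed[SAMPLE_BYTES];
    if (!gather_checked_seed(seed)) {
        fprintf(stderr, "platform RNG unavailable or failed FIPS 140-1 tests\n");
        return 1;
    }
    printf("sample accepted; poker statistic %.2f\n", fips_poker_stat(seed));
    return 0;
}
```

A sample that passes these tests only rules out gross defects (a stuck or badly biased source); it says nothing about how the CSP seeds itself or whether the stream is predictable to someone who knows the design, which is the part of Richard's question that statistics cannot answer. The poker test is worth noting in its own right: the constructed sample with perfectly equal nibble counts fails it for being too regular, so a "pass" needs the right amount of irregularity, not just the absence of bias.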