This paper justifies the decision not to rely on the Windows Random Number Generator.
http://eprint.iacr.org/2007/419.pdf Quoting: "We analyzed the security of the algorithm and found a non-trivial attack: given the internal state of the generator, the previous state can be computed in O(223) work (this is an attack on the forward-security of the generator, an O(1) attack on backward security is trivial). The attack on forward-security demonstrates that the design of the generator is flawed, since it is well known how to prevent such attacks. "The generator is run in user mode rather than in kernel mode, and therefore it is easy to access its state even without administrator privileges. "The implication of these findings is that a buffer overflow attack or a similar attack can be used to learn a single state of the generator, which can then be used to predict all random values, such as SSL keys, used by a process in all its past and future operation. This attack is more severe and more efficient than known attacks, in which an attacker can only learn SSL keys if it is controlling the attacked machine at the time the keys are used."
smime.p7s
Description: S/MIME Cryptographic Signature
