Microsoft .NET PRNG (fwd)

Anton Stiglic astiglic at okiok.com
Mon Aug 9 23:20:37 EDT 2004


There is some detail in the FIPS 140 security policy of Microsoft's
cryptographic provider, for Windows XP and Windows 2000.  See for example
http://csrc.nist.gov/cryptval/140-1/140sp/140sp238.pdf

where they say the RNG is based on FIPS 186 RNG using SHS.  The seed is
based on the collection of a lot of data, enumerated in the security policy.

I would guess that what is written is true, lest NIST would look very bad if
someone reverse engineered the code and showed that what they certified was
wrong.

So based on that it would seem that the PRNG in recent Microsoft
cryptographic providers is o.k.

--Anton

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com