Microsoft .NET PRNG (fwd)
Anton Stiglic
astiglic at okiok.com
Wed Aug 11 23:44:23 EDT 2004
-----Original Message-----
From: owner-cryptography at metzdowd.com
[mailto:owner-cryptography at metzdowd.com] On Behalf Of Ed Gerck
Sent: 10 août 2004 13:42
To: cryptography at metzdowd.com
Subject: Re: Microsoft .NET PRNG (fwd)
>The PRNG should be the least concern when using MSFT's cryptographic
>provider. The MSFT report 140sp238.pdf says:
>
> RSAENH stores keys in the file system, but relies upon Microsoft
> Windows XP for the encryption of the keys prior to storage.
Yes that's true. The security policy explains that the safeguarding of
private keys is done outside the crypto boundary. (as someone mentioned to
me in personal email you need to have a look at the fine print of such
accreditations, this is an example of a fine print).
Note however that the OS uses the crypto provider to encrypt the private key
using a secret that is generated based on (or protected by a key generated
based on, don't remember off the top of my head) the user's password.
The strength of the system is based on the user's Windows password, which I
think is reasonable (anyone who can login as the user can use his private
keys, stored in his container, anyways)...
--Anton
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list