Microsoft .NET PRNG (fwd)

Peter Gutmann pgut001 at
Mon Aug 16 01:10:00 EDT 2004

"Anton Stiglic" <astiglic at> writes:

>There is some detail in the FIPS 140 security policy of Microsoft's
>cryptographic provider, for Windows XP and Windows 2000.

As I've said in a previous post, the best documentation for the RNG is in
"Writing Secure Code (2nd ed)".  The main purpose of the CryptoAPI FIPS 140
documentation is to document an active penetration attack on the FIPS 140
certification process (I could get an 8086 MSDOS machine FIPS 140 certified
[0] using their methodology).


[0] If anyone would like to fund, please get in touch :-).

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list