dlls/advapi32/crypt.c
Travis Michielsen
tjmichielsen at yahoo.com
Thu Sep 13 09:48:05 CDT 2001
On September 12, 2001 6:51 pm, Morten Welinder wrote:
> Someone added code to CryptGenRandom so that it generates
> very bad random data (with <10 bits randomness in them).
>
> Don't do that. It's a known security risk.
>
> Read from /dev/urandom instead. If that does not succeed, just
> abort().
>
> Linux and newer Solaris have /dev/urandom. I would guess the
> BSDs have it too.
>
> Morten
So far all the functions in that file are just stubs. I would assume that
CryptGenRandom is currently not being used (at least not much) if the rest of
the API has not been implemented. If you read the comments inside that
function, however, it is listing this situation as a known problem. I will
likely fix this though in an upcoming patch to the CryptoAPI (patch 3 or 4
perhaps?).
On another note, however, I was re-reading the CryptoAPI thread and I don't
think that Vladimir Vukicevic's questions were really answered from September
3rd.
As to my progress, so far I have just created stubs for the functions in
advapi32.dll (patch 1 - crypt.c) and am currently working on wincrypt.h
(patch 2). If you want to help on the API, you can. However, we should
probably try to coordinate our efforts.
- Travis