rsaenh

[Alexandre Julliard]

Shachar Shemesh <wine-devel at shemesh.biz> writes:

>> *CPGenRandom* is one of the more difficult functions to implement
>> correctly, and it must be done correctly to maintain the security of
>> a CSP. *CPGenRandom* is used internally by the *CPGenKey*
>> <http://msdn.microsoft.com/library/en-us/seccrypto/security/cpgenkey.asp>
>> function, as well by applications when generating data items used in
>> cryptographic protocols such as challenge strings. A CSP is not
>> producing message security if values of the cryptographic keys or
>> challenge strings produced by a CSP are predictable.
>
> The way I read it, the rest of the discussion further enhances this
> point. They are basically saying that the seed should be taken from a
> hardware device, if one is available.

This is *exactly* what /dev/urandom does.

-- 
Alexandre Julliard
julliard at winehq.org