Re: Fixing RNG in Microsoft Windows?

From: chu (chudel@carolina.rr.com)
Date: 05/17/02


From: chudel@carolina.rr.com (chu)
Date: 16 May 2002 18:54:35 -0700


Yama@yomama.com (Yama) wrote in message news:<3ce2b1ef.61131131@news-central.giganews.com>...
> On 15 May 2002 09:59:04 -0700, chudel@carolina.rr.com (chu) wrote:

> >Thanks for this good answer. I wonder if this may be part of the
> >OLEInitiatlize calls (do seed the RNG multiple times) which in part
> >may be part of a createuuid/guid? In any case, it's only a guess if
> >the crypto program is using this as the random seed or getting it from
> >another source.
> >
> >Thanks again,
> >./Chu
>
> You are welcome.
>
> I have a lot of interest in this part of the MS Crypto API (CAPI),
> particularly the CryptGenRandom call.
>
> I have had no luck whatsoever determining the strength or entropy of
> this call or the PRNG in general.
>
> If you or anyone has any info on the relative entropy of this PRNG
> (without seeding manually) I would be very interested.
>
> Also, I'd be very interested to know if I make the CryptGenRandom call
> and seed it with a very low entropy value number, does this weaken the
> call to the entropy of my seed or merely increase the strength by
> an extremely small factor (the entropy value of the call + the entropy
> value of my seed)?
>
This just shows my ignorance, but I'm happy to learn from the smarter
sci.crypt community. I would have thought you could just as easily
use something like CoCreateGuid that generates a "universally unique"
id number and then take an md5 or sha hash of that - shouldn't that be
quite random?

For my entropy tests, I run a program called "ent"
(http://www.fourmilab.ch/random/). Although to be honest, in my (very
limited, poor and weak) cryptanalysis experience, I'm really just
looking to verify if something is "mostly random", not truly so. :)

Cheers,
./Chu

c h u d e l - at - b e l l s o u t h -dot- n e t
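
An added illustration, not part of the original post or thread: a sketch of what an `ent`-style byte-entropy figure measures when a hash is applied to a seed, which bears on both the low-entropy-seed question quoted above and the hash-then-test idea in the reply. The 16-bit seed, the MD5(seed || counter) construction and all function names are assumptions constructed for this example; `bits_per_byte` reproduces only the "entropy, bits per byte" figure, not the other tests `ent` runs.

```python
import hashlib
import math
import os
from collections import Counter
from typing import Optional

SEED_BITS = 16  # constructed: the generator's only secret input


def bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte histogram (8.0 is the maximum)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def hashed_stream(seed: int, nbytes: int) -> bytes:
    """Constructed generator: concatenated MD5(seed || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        block = seed.to_bytes(2, "big") + counter.to_bytes(8, "big")
        out += hashlib.md5(block).digest()
        counter += 1
    return bytes(out[:nbytes])


def recover_seed(prefix: bytes) -> Optional[int]:
    """Enumerate every possible seed and return the one matching the prefix."""
    for seed in range(2 ** SEED_BITS):
        if hashed_stream(seed, len(prefix)) == prefix:
            return seed
    return None


def demo():
    n = 1 << 16
    weak = hashed_stream(0x1234, n)   # 16 bits of seed entropy, hashed
    strong = os.urandom(n)            # operating system CSPRNG
    return bits_per_byte(weak), bits_per_byte(strong), recover_seed(weak[:16])


if __name__ == "__main__":
    weak_bpb, strong_bpb, seed = demo()
    print(f"hashed 16-bit seed: {weak_bpb:.4f} bits/byte")
    print(f"os.urandom:         {strong_bpb:.4f} bits/byte")
    print(f"seed recovered from first 16 bytes: {seed:#06x}")
```

Both streams score essentially the same on the histogram measure, yet the first is fully determined by its 16-bit seed: the figure describes the output's byte distribution, not the unpredictability of the input that was hashed.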


