You may want to see the threads:
=20
BUG: CreateToolhelp32Snapshot
First (initializing) call to RAND_status() very slow on Win32
=20
An excerpt:
=20
------------
Jeffrey Altman
Thu, 14 Aug 2003 11:23:38 -0700

The reason that we go to all this trouble to examine alternative sources
of randomness
other than CryptGetRandom() is that Microsoft has refused to publish the
sources of
randomness which are used. Therefore, we have no ability to know whether
or not the
randomness reported by Windows is in fact random.
------------

However, it does not mean, that the method should be thread-unsafe and
extremely slow under some circumstances...

Ferda

________________________________

From: owner-openssl-dev@openssl.org
[mailtowner-openssl-dev@openssl.org] On Behalf Of Steven Reddie
Sent: Monday, April 04, 2005 7:45 AM
To: openssl-dev@openssl.org
Subject: How good a random source is Crypto API?
=09
=09
The non-thread-safe nature of RAND_poll for Win32 is something I
need to address as it's impossible given the use of my library to expect
RAND_poll to be called before other threads exist. This leads me to the
question of how good a random source is the CryptGenRandom function on
Windows. If it is a good enough source, then why bother with everything
else that is done inside RAND_poll? The MSDN documentation makes it
sound like similar things are being done for their random number seeding
as is done in RAND_poll.
=20
Regards,
=20
Steven

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org