In message <200504040653.j346rRVU006784@mail09.syd.optusnet.co m.au> on Mon, 4 Apr 2005 16:53:21 +1000, "Steven Reddie" said:

smr> Moving such functionality out-of-process would improve stability,
smr> and this is obviously where prngd/egd comes in, but if these are
smr> seen as useful for more secure applications then it seems that a
smr> default OpenSSL install could settle for CryptoAPI's PRNG.

Except for the small matter of knowing what the seeding generator uses
as sources. As was mentioned, Microsoft is very secretive about the
sources used for CryptGetRandom(). prngd/egd are open source...

BTW, OpenSSL does use the CryptoAPI PRNG *as well*, just FYI...

I do understand the problem with crashing systems. Do you have an
idea on how to make things more stable in that kind of situation, and
still have a more varied set of randomness sources than just
CryptoAPI?

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte richard@levitte.org
http://richard.levitte.org/

"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
-- C.S. Lewis
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org