yeah, I keep hearing about this. Some questions come to mind...

wasn't one of these MS RNG's tested via FIPS at some point?

what's the logic in concluding Win2k and WinXP and Vista have
different RNG's?

is this really the end of the world? I mean, is there some
specific attack? is there a proof-of-concept code snippet
that breaks (ssl, ipsec, smime, code signing, ...) something in

why, if win2k is essentially end-of-life, would they not
check windows xp? this makes me question their methodology.

Jeffrey Altman wrote:
> This paper justifies the decision not to rely on the Windows Random
> Number Generator.

__________________________________________________ ____________________
OpenSSL Project
Development Mailing List
Automated List Manager