yeah, I keep hearing about this. Some questions come to mind...

wasn't one of these MS RNGs tested via FIPS at some point?

what's the logic in concluding Win2k and WinXP and Vista have
different RNGs?

is this really the end of the world? I mean, is there some
specific attack? is there a proof-of-concept code snippet
that breaks (ssl, ipsec, smime, code signing, ...) something in
windows?

why, if win2k is essentially end-of-life, would they not
check windows xp? this makes me question their methodology.

Jeffrey Altman wrote:
> This paper justifies the decision not to rely on the Windows Random
> Number Generator.
>
> http://eprint.iacr.org/2007/419.pdf

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org