[PATCH] MinGW, random_seed, CryptoAPI

Bradley A. Town townba@pobox.com
Fri, 28 Apr 2000 08:42:37 -0400


> I wouldn't use CAPI at all, not even for the RNG (which is one of the most
> critical parts as far as security is concerned). I just don't trust code of
> which I'm prevented from seeing and recompiling the source.

I completely understand.  That's why I left the entropy DLL as the default.
I might investigate talking to the Intel RNG directly...

I haven't done so, but perhaps I should run some randomness tests on the
RNGs of various CSPs.  Maybe that would allay fears (mine included) a
little.

> Also, I wouldn't use the horrible registry, when all the configuration in
> gpg is based on an honest-to-God ASCII file...

I wouldn't have used it either, but it was already used to get the location
of the DLL and GnuPG's home directory, and I wanted a little consistency.
Maybe we should remove the registry functions altogether and put everything
into the configuration file?

Brad