[PATCH] MinGW, random_seed, CryptoAPI

Bradley A. Town townba at pobox.com
Fri Apr 28 09:42:37 CEST 2000


> I wouldn't use CAPI at all, not even for the RNG (which is one of the most
> critical parts as far as security is concerned). I just don't trust code of
> which I'm prevented from seeing and recompiling the source.

I completely understand.  That's why I left the entropy DLL as the default.
I might investigate talking to the Intel RNG directly...

I haven't done so, but perhaps I should run some randomness tests on the
RNGs of various CSPs.  Maybe that would allay fears (mine included) a
little.

> Also, I wouldn't use the horrible registry, when all the configuration in
> gpg is based on an honest-to-God ASCII file...

I wouldn't have used it either, but it was already used to get the location
of the DLL and GnuPG's home directory, and I wanted a little consistency.
Maybe we should remove the registry functions altogether and put everything
into the configuration file?

Brad


