Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT sourceware DOT cygnus DOT com Delivered-To: mailing list cygwin AT sourceware DOT cygnus DOT com Message-ID: <392B898D.A430F083@vinschen.de> Date: Wed, 24 May 2000 09:49:33 +0200 From: Corinna Vinschen Reply-To: cygwin X-Mailer: Mozilla 4.7 [en] (X11; I; Linux 2.2.14 i686) X-Accept-Language: de, en MIME-Version: 1.0 To: Daniel Probst CC: cygwin AT sourceware DOT cygnus DOT com Subject: Re: /dev/random References: <002501bfc549$7d19f1c0$c85a9b86 AT vwl DOT unimannheim DOT de> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Daniel Probst wrote: > > The cygwin implementation seems to be based on the MS Crypto API. Is this > right? > Well this is certainly better than no /dev/random, but I do feel uneasy > about using it for crypto purposes. > Why didn't one choose another entropy generator? Was it purely time/priority > considerations? How about the Bruce Shneier (Counterplane) open-source > YARROW module. > -dan The MS Crypto API provides the entropy generation by no extra cost. Why not using already existing APIs? As far as you can't _prove_ that the MS entropy generator doesn't pass Chi^2 or similar tests, I'm not willing to implement code which is already provided by the system. Or shall I assume that you're feeling uneasy only because the API is provided by MS? Here (as always) the following is valid: Patches are gratefully accepted. -- Corinna Vinschen Cygwin Developer Cygnus Solutions, a Red Hat company -- Want to unsubscribe from this list? Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com