Someone added code to CryptGenRandom so that it generates very bad random data (with <10 bits of randomness in it).
Don't do that. It's a known security risk.
Read from /dev/urandom instead. If that does not succeed, just abort().
Linux and newer Solaris have /dev/urandom. I would guess the BSDs have it too.
Morten
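
The fail-closed read recommended in the message above, as an added C example that is not part of the original message or of the project's code. `urandom_fill` is a hypothetical helper name; the example also handles short reads and signal interruption, which a single `read()` call does not.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

/* Fill buf with len bytes from /dev/urandom and return len.
 * There is no fallback to a weaker source: any failure aborts the process.
 * (urandom_fill is a hypothetical name used for this example.) */
size_t urandom_fill(void *buf, size_t len)
{
    unsigned char *p = buf;
    size_t got = 0;
    int fd;

    /* Retry open() only when it was interrupted by a signal. */
    do {
        fd = open("/dev/urandom", O_RDONLY);
    } while (fd < 0 && errno == EINTR);
    if (fd < 0)
        abort();                      /* device missing or unreadable */

    while (got < len) {
        ssize_t n = read(fd, p + got, len - got);
        if (n > 0)
            got += (size_t)n;         /* short read: keep reading */
        else if (n < 0 && errno == EINTR)
            continue;                 /* interrupted by a signal: retry */
        else
            abort();                  /* EOF or hard error: fail closed */
    }

    close(fd);
    return got;
}

int main(void)
{
    unsigned char key[32];            /* e.g. a 256-bit key */

    urandom_fill(key, sizeof key);    /* aborts rather than return weak data */
    return 0;
}
```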