From: yawnmoth on
Is there any advantage to calling CryptGenRandom or .NET's
RNGCryptoServiceProvider when you can just read HKLM\SOFTWARE\Microsoft
\Cryptography\RNG\Seed directly? In my testing, each read is followed
by an immediate reseeding of that value, so I don't really see the
difference?
From: Jeroen Mostert on
On 2010-02-18 2:18, yawnmoth wrote:
> Is there any advantage to calling CryptGenRandom or .NET's
> RNGCryptoServiceProvider when you can just read HKLM\SOFTWARE\Microsoft
> \Cryptography\RNG\Seed directly?

A very obvious one: the former are documented to work and robust to future
changes, the latter is not. Don't be part of the problem by twiddling the
registry directly instead of using documented interfaces. Furthermore, I
doubt the seed is a cryptographically secure random number on its own -- I
don't know, but why risk it?

--
J.