2015-01-16 20:04 GMT+03:00 Peter Dimov:
> On a more general note, all this homegrown entropy gathering in that function (for most of which I might be responsible, in fact) should just be skipped if we have CryptGenRandom or /dev/urandom; it should merely be a fallback. We're never going to improve upon CryptGenRandom's output, most we could do is not damage it, and /dev/urandom is, I think, also reasonably-crypto-quality on today's POSIX OSes.
Cannot agree with that. We have no guarantee that the CryptGenRandom algorithm is not reversible or predictable. In the case of /dev/urandom we can at least see the sources (but that still does not give a 100% guarantee). So mixing in some additional entropy seems reasonable.

--
Best regards,
Antony Polukhin
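The two positions above are compatible if the extra entropy is mixed in a way that cannot weaken the OS generator's output. The following is an added illustration, not Boost code: a hypothetical `mix_entropy` combiner that hashes the OS bytes together with any extra sources, so the result stays at least as unpredictable as the OS bytes even when every extra source is attacker-known, and a `secure_random_bytes` wrapper that feeds it `os.urandom` (the platform generator: CryptGenRandom/BCryptGenRandom on Windows, /dev/urandom on POSIX) plus some homegrown sources.

```python
import hashlib
import os
import time
from typing import Iterable


def mix_entropy(os_random: bytes, extra_sources: Iterable[bytes], out_len: int = 32) -> bytes:
    """Combine OS randomness with additional entropy sources (hypothetical helper).

    The inputs are absorbed into a SHA-256 state rather than XORed or used to
    reseed a weaker generator: an attacker who knows every extra source still
    has to predict os_random, so the output is never worse than the OS bytes.
    """
    if len(os_random) < 32:
        raise ValueError("need at least 32 bytes of OS randomness")
    h = hashlib.sha256()
    # Length-prefix every field so that field boundaries are unambiguous
    # (b"time", b"pid" must not hash the same as b"timepid").
    h.update(len(os_random).to_bytes(4, "big") + os_random)
    for src in extra_sources:
        h.update(len(src).to_bytes(4, "big") + src)
    seed = h.digest()
    # Counter-mode expansion of the 32-byte seed to the requested length.
    out = b""
    counter = 0
    while len(out) < out_len:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:out_len]


def secure_random_bytes(n: int) -> bytes:
    """OS randomness mixed with a few homegrown sources; the OS bytes dominate."""
    homegrown = [
        time.time_ns().to_bytes(8, "big"),   # low-entropy, possibly guessable
        os.getpid().to_bytes(4, "big"),      # low-entropy, possibly guessable
    ]
    return mix_entropy(os.urandom(max(32, n)), homegrown, n)
```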