In Windows Vista Service Pack 1 (SP1) and in Windows Server 2008, the random number generator (RNG) is not compliant with Federal Information Processing Standard (FIPS) 140-2.

This problem affects all the functions that use the RNG. The CryptoAPI function CryptGenRandom and the CNG function BCryptGenRandom use the RNG directly. Other functions that generate random numbers for keying material or for other purposes may also use the RNG indirectly.

Important This problem does not affect the external behavior of any functions that use the RNG. It does not affect the strength of any system cryptographic implementations. Additionally, it does not change cryptographic functionality in any other way.

Leave a Reply