On 06/09/15 10:11, Dongsheng Song wrote: > On 2015-09-05 17:40, Werner Koch wrote: >> - The random number generator may not produce random output. > > Why not trust Windows CryptoAPI (CryptGenRandom) like libressl ?
May I suggest that you take down your compiled 64-bits versions and issue a warning on the page, alterting people to the fact that Werner Koch warned you that the random number generator might not work? It's rather a huge issue, especially when people use your package to generate their keys. BTW, AFAIK, GnuPG builds its own random number generator upon the services provided by the OS. It doesn't make sense (to me at least) to make an exception for 64-bit Windows and swap it out for the OS provided service there. Is there any reason to provide 64-bits binaries, BTW? It's an unbiased question, I simply don't know. Does it provide any benefits? Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
