We are trying to obtain FIPS 140.2 certification for our product, and it happens to use CryptGenRandom() method from Crypto API for initializing its random seed. In Windows Server 2003 versions, the seed was described in: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1012.pdf I believe the entropy characteristics of seed buffer described in page 18-19 in section heading Miscellaneous was sufficient to satisfy seed requirements. However, the corresponding RSAENH in Windows Server 2008 is missing that, and there is only a statement that it gets a seed from the kernel, but does not describe the size of the seed or its entropy characteristics. Windows Server 2008 RSAENH: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1010.pdf Where can I obtain further information on the seed? What is the number of bytes of random buffer that is required for meeting a certain entropy (say 80 bits of entropy). Thanks.