1. As I said in earlier post this program uses QueryPerformanceCounter for initial seed. However I didn't get what you mean by
If that's the case, then your keyspace just dropped dramatically.
How we can predict the result of QueryPerformanceCounter? Could you elaborate on this topic?

2. What I was saying was that if they use the value of Query... for range limiting the acceptable values, and that value is LOW, then that limits the range of the random numbers, and might reduce the area you have to search.

3. I want to know what is predictable the range of QueryPerformanceCounter if you know. I didn't come up with any predictable range. That is why I am searching 0-FFFFFFFFh range. Another problem is we also don't know how many times author generated big number. Each generation also affects RandomSeed. However, I am open to new ideas always.

4. ## Recca ?

Why do you search the next prime number ?

prime(M) + b = M with M the 1st random number and b a small number
prime(N) + c = N with N the 2nd random number and c a small number

So :
- choose a seed
- compute M and N
- if (M*N - P) is small enough, you probably find the seed (with P = prime(M)*prime(N)), In other words : Take the most significant 32 bits of N and M, multiply, if the result is close to the most significant bits of P, take the next 32 bits of N and M, multiply...

Bruteforce would be easy...

5. What is the relation between M, N and P?
Program generates P and Q (primes of RSA) by using Random function and searching next prime like this

Code:
```P=Random(Seed)
P=FindNextPrime(P)
Q=Random(Seed)
Q=FindNextPrime(Q)
N=P*Q```
The idea is if we can find fast method to find IsPrime function we can speed up searching. Because if we can recover the seed either seed of P or seed of Q we will find the prime numbers. Other than that I didn't get what you mean by M and N. drizz's code is very detailed and fast but I abandoned the project until I get my new computer.

6. In my previous post : P = M*N.

You say :

Code:
```P=Random(Seed)
P=FindNextPrime(P)
Q=Random(Seed)
Q=FindNextPrime(Q)
N=P*Q```
My idea :

Code:
```P'=Random(Seed)
Q'=Random(Seed)
N'=P'*Q'
if(|N'-N| small enough)
{
P=FindNextPrime(P')
Q=FindNextPrime(Q')
if(N==P*Q)
{
Correct Seed !
}
}```

I use it to break RSA-1024 with similar weak RNG (<1h to check all the 32-bits values).

7. What is that small enough number? I have searched prime gaps and found that biggest gap is 4724 for 75 digits so theoretically that number will be 4724^2= 22316176 ( http://www.trnicely.net/gaps/g4k.html ) is this info true or it is lower than that?

g(pn) = O((ln pn)^2)
If P and Q were independents, you would choose the gap carefully,
But, here, P and Q are linked together by the seed so few (P',Q') (and probably only 1) will pass the test even if you choose a too big gap...

9. Thanks. It worked

10. Thanks
Here is the tutorial by Laptonic