Re: Java's SecureRandom

Tom Weinstein (tomw@netscape.com)
Wed, 24 Jun 1998 14:44:20 -0700


Bill Frantz wrote:
>
> At 12:09 PM -0800 6/23/98, Nigel Randsley-Pena wrote:
> >Before I get started, has anyone done any analysis of Java's SecureRandom?
>
> I did a bit of a look at it. Its basic source of entropy is the number
> of times a thread can yield in a given amount of wall clock time. The
> experiment is run, and if the number is high enough (so external events
> haven't stopped the thread for example), some entropy is harvested.
> There is a paper by I believe Steve Bellovin which speaks well of this
> method.
>
> Once 160 bits of entropy is harvested (during the execution of the
> constructor), it is recycled endlessly using SHA1 as a mixing function.

A method that would run the harvesting code for a little while and mix it
in would be nice. This could be used in the idle loop of an application.
We do something similar in the main event loop of Communicator.

> There were some bugs in the earlier Java releases which would cause the
> entropy harvester to never complete. (I think these are in 1.1.3, but it
> could be an earlier release.)
>
> Reusing the same 160 bits of entropy for all output makes me nervous.
> You can call the setSeed method to add your own entropy to the pool.
>
> It only has a 160-bit pool of entropy. I fear that multiple uses of SHA1
> may reduce the actual entropy in that pool. Also SHA1 was not designed
> for this use.

I haven't looked at the Java code, but FIPS 186 specifies a random number
generator that uses SHA1. To the best of my knowledge, there are no
problems using SHA1 in this way.

-- 
What is appropriate for the master is not appropriate| Tom Weinstein
for the novice.  You must understand Tao before      | tomw@netscape.com
transcending structure.  -- The Tao of Programming   |
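The FIPS 186 SHA1-based generator that Tom points to, worked through as an added example (not code from the thread, from Sun, or from Netscape): G(t, c) is one SHA-1 compression with the standard IV as t and no padding, XKEY is the 160-bit secret state, and the optional XSEED_j input plays the role Bill describes for setSeed, namely mixing caller-supplied entropy into the pool at each step. The generator here is FIPS 186 Appendix 3.1 without the DSA-specific "mod q" step; the xkey and xseed values in the check are constructed, and the code models Java's SecureRandom only by analogy.

```python
import hashlib
import struct

# Chaining value t for G(t, c): FIPS 186 Appendix 3.3 uses SHA-1's own initial state.
SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
MASK32 = 0xFFFFFFFF

def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK32

def sha1_g(t: tuple, block: bytes) -> bytes:
    """FIPS 186 G(t, c): a single SHA-1 compression of one 64-byte block starting
    from chaining value t, with no padding or length block. Returns 20 bytes."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(_rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = t
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        tmp = (_rotl(a, 5) + (f & MASK32) + e + k + w[i]) & MASK32
        a, b, c, d, e = tmp, a, _rotl(b, 30), c, d
    return struct.pack(">5I", *((x + y) & MASK32 for x, y in zip(t, (a, b, c, d, e))))

def g_matches_hashlib() -> bool:
    """Sanity check of the compression function: SHA-1 of the empty message is one
    compression of its padding block (0x80, zeros, 64-bit length 0) from the IV."""
    return sha1_g(SHA1_IV, b"\x80" + b"\x00" * 63) == hashlib.sha1(b"").digest()

def fips186_outputs(xkey: int, n: int, b: int = 160, xseed=None) -> list:
    """First n outputs x_j of the FIPS 186 Appendix 3.1 generator (no 'mod q').
    xkey: secret b-bit seed (b a multiple of 8). xseed: optional list of caller
    entropy mixed in per step (setSeed's role); missing entries count as 0."""
    mod, seeds, out = 1 << b, iter(xseed or []), []
    for _ in range(n):
        xval = (xkey + next(seeds, 0)) % mod                     # XVAL = (XKEY + XSEED_j) mod 2^b
        block = xval.to_bytes(b // 8, "big").ljust(64, b"\x00")  # c || 0^(512-b)
        x = int.from_bytes(sha1_g(SHA1_IV, block), "big")        # x_j = G(t, XVAL)
        xkey = (1 + xkey + x) % mod                              # XKEY = (1 + XKEY + x_j) mod 2^b
        out.append(x)
    return out
```

Running `fips186_outputs` twice from the same xkey reproduces the same stream, which is the property Bill's concern about a fixed 160-bit pool rests on; supplying a non-zero xseed at a step changes every output from that step on.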

The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:19:00 ADT