Re: Java's SecureRandom


Bill Frantz (frantz@netcom.com)
Wed, 24 Jun 1998 00:03:46 -0800


At 12:09 PM -0800 6/23/98, Nigel Randsley-Pena wrote:
>Before I get started, has anyone done any analysis of Java's SecureRandom?

I did a bit of a look at it. Its basic source of entropy is the number of
times a thread can yield in a given amount of wall clock time. The
experiment is run, and if the number is high enough (so external events
haven't stopped the thread, for example), some entropy is harvested. There
is a paper by, I believe, Steve Bellovin which speaks well of this method.

Once 160 bits of entropy is harvested (during the execution of the
constructor), it is recycled endlessly using SHA1 as a mixing function.

There were some bugs in the earlier Java releases which would cause the
entropy harvester to never complete. (I think these are in 1.1.3, but it
could be an earlier release.)

Reusing the same 160 bits of entropy for all output makes me nervous. You
can call the setSeed method to add your own entropy to the pool.

It only has a 160-bit pool of entropy. I fear that multiple uses of SHA1
may reduce the actual entropy in that pool. Also, SHA1 was not designed for
this use.

-------------------------------------------------------------------------
Bill Frantz | If hate must be my prison | Periwinkle -- Consulting
(408)356-8506 | lock, then love must be | 16345 Englewood Ave.
frantz@netcom.com | the key. - Phil Ochs | Los Gatos, CA 95032, USA
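The structure Bill describes above (a fixed 160-bit pool, refilled by setSeed, recycled through SHA-1 for every output), as an added toy model so the "all output comes from the same 160 bits" worry can be checked concretely. This is not Bill's code and not Sun's SecureRandom source; the yield-counting harvester, the pool update rule (state = state + output + 1 mod 2^160) and the setSeed mixing step are assumptions chosen to mirror the post, not a claim about what the JDK actually does.

```python
import hashlib
import time

POOL_BYTES = 20  # one SHA-1 digest: the whole pool is 160 bits, no matter how much seed arrives


def count_yields(window_s: float) -> int:
    """Model of the entropy experiment in the post: count how many times a
    thread can give up the CPU in a wall-clock window.  time.sleep(0) is used
    here as a stand-in for Thread.yield() (assumption)."""
    deadline = time.perf_counter() + window_s
    n = 0
    while time.perf_counter() < deadline:
        time.sleep(0)
        n += 1
    return n


def harvest(window_s: float, threshold: int):
    """Return the yield count only if it is high enough to trust; a low count
    suggests the thread was stalled by something external (mirrors the post's
    'if the number is high enough' rule, threshold value is ours)."""
    n = count_yields(window_s)
    return n if n >= threshold else None


class Sha1PoolPrng:
    """Toy PRNG with a 160-bit pool recycled through SHA-1."""

    def __init__(self, seed: bytes):
        # Whatever the seed length, the pool collapses to one 20-byte digest.
        self.state = hashlib.sha1(seed).digest()

    def set_seed(self, extra: bytes) -> None:
        # Mix additional entropy into the existing pool instead of replacing it
        # (assumed mixing rule: new_state = SHA1(old_state || extra)).
        self.state = hashlib.sha1(self.state + extra).digest()

    def next_bytes(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            block = hashlib.sha1(self.state).digest()      # output = SHA1(state)
            s = int.from_bytes(self.state, "big")
            o = int.from_bytes(block, "big")
            # Assumed update rule: state = (state + output + 1) mod 2^160.
            self.state = ((s + o + 1) % (1 << 160)).to_bytes(POOL_BYTES, "big")
            out += block
        return out[:n]


def pool_bits(seed: bytes) -> int:
    """Size of the internal state after seeding: always 160, even for a
    1000-byte seed, which is the bound Bill is uneasy about."""
    return len(Sha1PoolPrng(seed).state) * 8


def streams_match(seed_a: bytes, seed_b: bytes, n: int = 64) -> bool:
    """Two generators built from the same pool contents emit identical output
    forever: the output carries no more entropy than the 160-bit pool."""
    return Sha1PoolPrng(seed_a).next_bytes(n) == Sha1PoolPrng(seed_b).next_bytes(n)


def reseed_diverges(seed: bytes, extra: bytes, n: int = 64) -> bool:
    """setSeed adds entropy: after mixing in extra bytes the stream departs
    from the stream of an otherwise identical generator."""
    a, b = Sha1PoolPrng(seed), Sha1PoolPrng(seed)
    a.set_seed(extra)
    return a.next_bytes(n) != b.next_bytes(n)


if __name__ == "__main__":
    # Constructed demo: harvest a yield count, seed from it, then reseed.
    count = harvest(0.01, threshold=10)
    seed = (count or 0).to_bytes(8, "big")
    prng = Sha1PoolPrng(seed)
    print("yield count:", count)
    print("pool bits:", pool_bits(b"A" * 1000))
    print("first output:", prng.next_bytes(16).hex())
    prng.set_seed(b"operator-supplied entropy")
    print("after set_seed:", prng.next_bytes(16).hex())
```

The two booleans are the practical check: identically seeded pools give byte-identical streams, so guessing the 160-bit state is as good as guessing every future output, while set_seed is the only lever that puts fresh material in.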




The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:18:56 ADT