Friday, January 24, 2014

SecureRandom


  • // Get the instance of SecureRandom class with specified PRNG algorithm

    SecureRandom secureRandom = new SecureRandom();

// You can use the getInstance() of the Secure Random class to create an object of SecureRandam
    // where you would need to specify the algorithm name.
    // SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");

 // You also specify the algorithm provider in the getInstance() method
    // SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG", "SUN");

    // A call to the setSeed() method will seed the SecureRandom object.
    // If a call is not made to setSeed(),
    // The first call to nextBytes method will force the SecureRandom object to seed itself.

http://javadigest.wordpress.com/tag/securerandom-example/

  • I think it is best to let the SecureRandom seed itself. 
This is done by calling nextBytes immediately after it's creation (calling setSeed will prevent this).
final byte[] dummy = new byte[512];
SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
sr.nextBytes(dummy);

http://stackoverflow.com/questions/12249235/securerandom-safe-seed-in-java


  • Instances of java.util.Random are not cryptographically secure. Consider instead using SecureRandom to get a cryptographically secure pseudo-random number generator for use by security-sensitive applications.

http://docs.oracle.com/javase/7/docs/api/java/util/Random.html



  • When generating random numbers in Java for cryptographic purposes, many developers often use the java.security.SecureRandom class

if it is used improperly the output can become predictable.
The java.security.SecureRandom class does not actually implement a pseudorandom number generator (PRNG) itself.



A pseudorandom number generator (PRNG), also known as a deterministic random bit generator (DRBG),[1] is an algorithm for generating a sequence of numbers that approximates the properties of random numbers. The sequence is not truly random in that it is completely determined by a relatively small set of initial values, called the PRNG's state, which includes a truly random seed.
Although sequences that are closer to truly random can be generated using hardware random number generators, pseudorandom numbers are important in practice for their speed in number generation and their reproducibility.
Cryptographic applications require the output to also be unpredictable, and more elaborate algorithms, which do not inherit the linearity of simpler solutions, are needed.
java.security.SecureRandom class does not actually implement a pseudorandom number generator (PRNG) itself.
It uses PRNG implementations in other classes to generate random numbers
The PRNGs are part of Java cryptographic service providers (CSPs). In Sun’s Java implementation, the SUN CSP is used by default.
On Windows, the SUN CSP uses the SHA1PRNG implemented in sun.security.provider.SecureRandom by default.

SecureRandom sr1 = new SecureRandom();
// The following will create SUN SHA1PRNG if the highest  priority CSP is SUN
SecureRandom sr2 = SecureRandom.getInstance("SHA1PRNG");
// The following will always create SUN SHA1PRNG
SecureRandom sr3 = SecureRandom.getInstance("SHA1PRNG", "SUN");
according to Sun’s documentation, the returned java.security.SecureRandom instance is not seeded by any of these calls.
java.security.SecureRandom.nextBytes(byte[]) is called, then the PRNG is seeded using a secure mechanism provided by the underlying operating system (starting with JRE 1.4.1 in Windows and JRE 1.4.2 in Linux and Solaris

If java.security.SecureRandom.setSeed(long) or java.security.SecureRandom.setSeed(byte[]) is called before a call to java.security.SecureRandom.nextBytes(byte[]), then the internal seeding mechanism is bypassed, and only the provided seed is used to generate random numbers.

Always specify the exact PRNG and provider that you wish to use. If you just use the default PRNG, you may end up with different PRNGs on different installations of your application that may need to be called differently in order to work properly. Using the following code to get a PRNG instance is appropriate:
SecureRandom sr = SecureRandom.getInstance("SHA1PRNG", "SUN");

When using the SHA1PRNG, always call java.security.SecureRandom.nextBytes(byte[]) immediately after creating a new instance of the PRNG. This will force the PRNG to seed itself securely. If for testing purposes, you need predictable output, ignoring this rule and seeding the PRNG with hard-coded/predictable values may be appropriate.


http://www.cigital.com/justice-league-blog/2009/08/14/proper-use-of-javas-securerandom



  • For general statistics, Random is fine. Its a typical modulo congruent function.

SecureRandom is more random. Specifically, it aims to make it impossible to predict the next "random" number from a sequence, which is trivial to do with most modulo congruent algorithms.

Consider a Monti Carlo simulation. You call the nextRan() function and are happy as long as the function's pseudo random numbers pass the usual random tests.

Consider a cryptographic message protocol, where you generate random session keys. Once a few sequential keys are know, you do not want the bad guy (traditionally labelled Mallet or Eve) to be able to predict the next key generated from the "random" function.

So the use of a traditional modulo congruent algorithm is not at all suitable in a crypto application. 
http://www.coderanch.com/t/410832/java/java/Java-Random-SecureRandom