JEP 123: SecureRandom First Draft and Implementation.

Brad Wetmore bradford.wetmore at oracle.com
Fri Jan 4 23:18:23 UTC 2013 

Forwarding some relevant comments:

Brad


Set #2 of 2:  From xuelei.fan (at) oracle (dot) com:


 From the specification, looks like that a provider would have to support
both high-quality and normal-quality mode.  Otherwise,
SecureRandomSpi.engineSetStrongMode() should throw exception if the
provider does not support high-quality mode.  It does not look intuitive
to me, I think a few (many be only a very few) providers may only
support normal-quality or blocking mode.

 From the spec of SecureRandom.getStrongSecureRandom(), my understand is
that the returned value may be not configured with the request mode.  I
mean that if application request to use high-quality secure random, the
returned value may be not a high-quality secure random because the
underlying provider does not support the
SecureRandomSpi.engineSetStrongMode() or only supports normal-quality
mode.  It's confusing.  Or am I miss-understanding something?

BTW, the returned value of SecureRandom.getStrongSecureRandom() may not
inherit the secure properties from the original caller instance, for
example, the initialized seed.  I think it would be better to call
setSeed again on the returned value to add additional randomness. The
code may look like:

     SecureRandom sr = ...;
     sr.setSeed(...);
     SecureRandom newSR = sr.getStrongSecureRandom(true);
     newSR.setSeed(...); // looks like useless, but it is useful
                         // because the previous seed isn't inherited.

I think the quality of a secure random depends on the provider.  The
quality may be a attribute of a provider.  Personally, I like more to
use block or non-block mode.

I think you may have though about to use the algorithm characteristics,
as the one proposed in JEP 123 description:

     sr = new SecureRandom( ..., SR_HIGHQUALITY|SR_NON_BLOCKING);

It looks more intuitive to me, and the API may look like:
     // look for providers that supports the particular mode.
+   SecureRandom(boolean block);
+   SecureRandom(byte seed, boolean block);
+   SecureRandom.getInstance(String algorithm, boolean block);
+   SecureRandom.isBlockMode();

We may not need to update getInstance(String, Provider) because block or
non-block is a character of a provider (get the value by isBlockMode()).


Just for your consideration, may be too later.

Xuelei


On 1/2/2013 5:58 PM, Brad Wetmore wrote:
>
> Hi,
>
> Please review the API/impl for JEP 123:
>
>      http://openjdk.java.net/jeps/123
>      http://cr.openjdk.java.net/~wetmore/6425477/webrev.00/
>
> Oracle folks, there is also the internal CCC that needs review.  The bug
> id is 6425477.
>
> There are several SecureRandom implementations in Oracle's JDK, and
> together with the "configuration" options in the java.security file, it
> can be very confusing for users to understand. As part of the work on
> JEP 123, I took a comprehensive look at the different SecureRandom
> implementations and how we got here.
>
> There are these implementations:
>
>      PKCS11:
>          Direct calls to the native PKCS11 library.  Only enabled
>          by default on Solaris, but available for any OS.  No difference
>          between seed/random.
>
>      NativePRNG:
>          uses /dev/random and /dev/urandom for seeds/random numbers
>          respectively.  Doesn't exist on Windows.
>
>      SHA1PRNG:
>          Available on all platforms.  By default, uses a confusing mix of
>          /dev/[u]random for internal seeding and external seed
>          generation, along with a SHA1 MessageDigest for
>          generating random numbers.  The properties (below) control
>          seeding, but in a confusing manner.
>
>      Windows-PRNG:
>          Direct calls to the MSCAPI library, only available for Windows.
>          No difference between seed/random.
>
> There were two main points for this JEP:
>
> 1.  Provide an API that allows applications to indicate whether they
> want the "strongest-possible" (possibly blocking) values, or if just
> regular values will do.
>
> 2.  See if we can clarify the configuration model, and eliminate some of
> the confusion caused by the securerandom.source/java.security.egd
> variables.
>
> This second point has caused a lot of pain for
> developers/deployers/support.  The "workaround" of specifying
> "file:/dev/./urandom" or "file:///dev/urandom" instead of
> "file:/dev/urandom" has to be one of the most unintuitive ever.  [1]  ;)
>
> The default value of the variable is changed to file:/dev/random to
> reflect the actual implementation we've been shipping since JDK 5, but
> will also install NativePRNG as more preferred over the SHA1PRNG.
> Otherwise, the part of the implementation stays the same, and is now
> better documented in the java.security file.
>
> We'll also be updating the Oracle Provider documentation to reflect the
> implementations, but that work will be done later.
>
> Thanks,
>
> Brad
>
> [1] https://forums.oracle.com/forums/thread.jspa?messageID=3793101
>

More information about the security-dev mailing list