JEP 123: SecureRandom First Draft and Implementation.

Brad Wetmore bradford.wetmore at oracle.com
Sat Jan 5 01:49:47 UTC 2013


I had an ugly chicken/egg bug I just figured out, so didn't get a chance 
to respond to your/Weijun/Xuelei's comments.

For the APIs, it's pretty clear I need some clearer explanations here, 
and maybe some adjustments.

I wouldn't suggest you spend much more time on the internals as things 
will change a bit and I just found another issue, but in case you want 
to see what I had in mind, there's a new webrev:

     http://cr.openjdk.java.net/~wetmore/6425477

See:  webrev.01

     addressed #4 below.

     in NativePRNG, if the file URL isn't readable, it defaults to
     /dev/random instead of disabling this implementation.

     couple bug fixes.

BTW, on #3 (@code), the Oracle Javadoc comment page still says to use 
<code></code>.  I originally didn't change it because there were so many 
instances of <code>.

 
http://www.oracle.com/technetwork/java/javase/documentation/index-137868.html

Thanks,

Brad


On 1/4/2013 2:03 PM, Sean Mullan wrote:
> Just some initial comments on the API. I have not looked at the code yet.
>
> 1. getStrongSecureRandom says:
>
>       * If the underlying SPI implementation does not support the
>       * {@link SecureRandomSpi.engineSetStrongMode(boolean)
>       *  SecureRandomSpi.engineSetStrongMode(boolean)} method,
>       * then a wrapper class will redirect <code>SecureRandomSpi</code>
>       * calls from <code>nextBytes()</code> to <code>generateSeed()</code>.
>
> Can you explain in a bit more detail what this means? Is the
> SecureRandom object that is returned the same whether mode is true or
> false, even if the underlying implementation could be upgraded to
> support a strong mode?
>
> 2. The name for the method getStrongMode seems a bit odd since it
> returns a boolean. How about isStrong instead?
>
> 3. Nit: Use {@code} instead of <code></code>
>
> 4. Consider marking getStrongSecureRandom and getStrongMode final. I
> think the other methods on SecureRandom are not final because the SPI
> was added later, unlike other security SPI classes.
>
> --Sean
>
> On 01/02/2013 08:58 PM, Brad Wetmore wrote:
>>
>> Hi,
>>
>> Please review the API/impl for JEP 123:
>>
>>      http://openjdk.java.net/jeps/123
>>      http://cr.openjdk.java.net/~wetmore/6425477/webrev.00/
>>
>> Oracle folks, there is also the internal CCC that needs review.  The bug
>> id is 6425477.
>>
>> There are several SecureRandom implementations in Oracle's JDK, and
>> together with the "configuration" options in the java.security file, it
>> can be very confusing for users to understand. As part of the work on
>> JEP 123, I took a comprehensive look at the different SecureRandom
>> implementations and how we got here.
>>
>> There are these implementations:
>>
>>      PKCS11:
>>          Direct calls to the native PKCS11 library.  Only enabled
>>          by default on Solaris, but available for any OS.  No difference
>>          between seed/random.
>>
>>      NativePRNG:
>>          uses /dev/random and /dev/urandom for seeds/random numbers
>>          respectively.  Doesn't exist on Windows.
>>
>>      SHA1PRNG:
>>          Available on all platforms.  By default, uses a confusing mix of
>>          /dev/[u]random for internal seeding and external seed
>>          generation, along with a SHA1 MessageDigest for
>>          generating random numbers.  The properties (below) control
>>          seeding, but in a confusing manner.
>>
>>      Windows-PRNG:
>>          Direct calls to the MSCAPI library, only available for Windows.
>>          No difference between seed/random.
>>
>> There were two main points for this JEP:
>>
>> 1.  Provide an API that allows applications to indicate whether they
>> want the "strongest-possible" (possibly blocking) values, or if just
>> regular values will do.
>>
>> 2.  See if we can clarify the configuration model, and eliminate some of
>> the confusion caused by the securerandom.source/java.security.egd
>> variables.
>>
>> This second point has caused a lot of pain for
>> developers/deployers/support.  The "workaround" of specifying
>> "file:/dev/./urandom" or "file:///dev/urandom" instead of
>> "file:/dev/urandom" has to be one of the most unintuitive ever.  [1]  ;)
>>
>> The default value of the variable is changed to file:/dev/random to
>> reflect the actual implementation we've been shipping since JDK 5, but
>> will also install NativePRNG as more preferred over the SHA1PRNG.
>> Otherwise, the part of the implementation stays the same, and is now
>> better documented in the java.security file.
>>
>> We'll also be updating the Oracle Provider documentation to reflect the
>> implementations, but that work will be done later.
>>
>> Thanks,
>>
>> Brad
>>
>> [1] https://forums.oracle.com/forums/thread.jspa?messageID=3793101
>>
>



More information about the security-dev mailing list