Update #2: JEP 123: SecureRandom First Draft and Implementation.

Brad Wetmore bradford.wetmore at oracle.com
Thu Jan 10 03:40:47 UTC 2013


I don't see any reason why not.  We just need to come up with a good 
naming convention, and then we can add that into the Standard Algorithms 
document.

The existing names were established years ago, based on functional 
implementations rather than a specific algorithmic basis.

Brad



On 1/9/2013 7:31 PM, Michael StJohns wrote:
> At 09:45 AM 1/9/2013, Sean Mullan wrote:
>> think it is unlikely that 2 providers would implement the same SecureRandom algorithm, since the names are not standardized like other cryptographic algorithms such as SHA-256, RSA, etc.
>
> Can this be fixed?  There really should be a flavor for this.
>
>
> E.g.
>
> SP800-90a/SHA256/HASH
> SP800-90A/SHA256/HMAC
> SP800-90A/AES/CTR
> NRBG/NoisyDiode[/implementation id]
> NRBG/RingOscillator[/Implementation id]
>
> There are about 6 classes of NIST "approved" deterministic random number generators.  See http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexc.pdf.
>
>
>
> I wouldn't be surprised to find that multiple providers implement the same RNGs, but don't have a common name for them.  In fact, according to wikipedia, the underlying function for MSCAPI is the FIPS186-2 appendix 3.1 with SHA1 function.
>
> Mike
>
>
>



More information about the security-dev mailing list