Random points

Bernd Eckenfels bernd-2013 at eckenfels.net
Thu Jan 10 22:21:40 UTC 2013


Hello,


while trying to understand the exact behaviour of SecureRandom in Oracle  
JavaSE I found some places with potential improvements. I am new to the  
list, so let me know if and how I should submit the RFE (or patches)  
differently.



http://hg.openjdk.java.net/jdk8/jdk8-gate/jdk/file/32a57e645e01/src/share/classes/sun/security/provider/SeedGenerator.java

sun.security.provider.SeedGenerator#getSystemEntropy()
159: (if resolution is 20ms then this will only contribute 4bits) would it  
make sense to use nano seconds instead of millisenconds and submit more  
than one byte to the hashing? (longToByteArray() already exists)

170: instead of looping through the enumeration of the system property  
names I would loop over the entry set, since this avoids the hash lookups


http://hg.openjdk.java.net/jdk8/jdk8-gate/jdk/file/32a57e645e01/src/share/classes/sun/security/provider/SunEntries.java

32: this javadoc comment does not format nicely into html


http://hg.openjdk.java.net/jdk8/jdk8-gate/jdk/file/32a57e645e01/src/solaris/classes/sun/security/provider/NativePRNG.java

77: this logic requires both random and urandom to exist. The idea behind  
that is not using this native seeder if one of both is missing, since both  
are used. However on a system where one of both exists I would expect it  
to be used since it is for sure better than using the threaded  
alternative. In addition to that user might have specified one of both  
with java.security.egd and it is confusing if it is not observed.

130: MAX_BUFFER_TIME what is the idea behind expiring the urandom buffer?  
The content does not get worse or bad if it lays around. Especially not  
within 100ms.

252: implSetSeed() the comment says it is always adding the seed to the  
mixer and optionally writing it to dev/random, however the code is  
different, the engineSetSeed() is called at the end outside of a finally  
block, so in case there is a ioerror writing to /dev/random (likely!)  
there will also be additional seeding of the mixer

278: implNextBytes() this logic with calling ensureBufferValid() for every  
single byte has the disadvantage that it will call  
System.currentTimeMillis() for every byte EVEN when there are more/enough  
bytes in the internal buffer. This shoould be changed into two loops (the  
inner loop consumes all remaining buffered bytes without using the  
validity check). Another option would be to skip the validity check  
completely, I dont see a need for it.

Greetings
Bernd
-- 
http://bernd.eckenfels.net



More information about the security-dev mailing list