RFC JEP: NIST SP 800-90A SecureRandom implementations
Weijun Wang
weijun.wang at oracle.com
Mon Aug 17 08:21:57 UTC 2015
Hi All
Please take a look at the draft JEP at
https://bugs.openjdk.java.net/browse/JDK-8051408
With this JEP, we'd like to add new pure-Java SecureRandom
implementations to OpenJDK, which are based on DRBG mechanisms in NIST
SP 800-90Ar1 [1].
According to 800-90C [3], RBG (SecureRandom in Java) consists of a DRBG
and its Source of Entropy Input, most likely an Entropy Source [2] which
is able to return fresh full entropy. This JEP introduced an
EntropyInput interface but has not provided many methods (you might want
getAvailability(), getRate(), setTimeOut(), etc). It will be enhanced in
another JEP (possibly not in JDK 9).
All suggestions are welcome.
Thanks
Max
[1]
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf
[2] http://csrc.nist.gov/publications/drafts/800-90/draft-sp800-90c.pdf
[3] http://csrc.nist.gov/publications/drafts/800-90/draft-sp800-90b.pdf
More information about the security-dev
mailing list