Design review: JEP 273: DRBG-Based SecureRandom Implementations

Wang Weijun weijun.wang at oracle.com
Sat Nov 14 01:43:33 UTC 2015


> On 2015年11月14日, at 上午1:56, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> On 11/12/2015 07:58 PM, Wang Weijun wrote:
>>> What happens if configure is called more than once, or
>>> simultaneously by more than one thread?
>> The state is reset. The last one rules. The implementation can be
>> made synchronized.
>> 
>> * This method can be called multiple times. After each call, this *
>> {@code SecureRandom} object must be reseeded.
>> 
>>>> 
>>>> Instead of a configure method, I would suggest adding new
>>>> getInstance methods that take an AlgorithmParameterSpec. This
>>>> should simplify the implementation.
>> getInstance() has 3 flavors, (), (String) and (Provider). Too many
>> new methods to add.
> 
> Only 3 more. It would seem to make the implementation simpler, less state and synchronization to worry about.

OK.

> 
>>>> I also think it might be cleaner and simpler to make EntropyInput
>>>> an input parameter of DrbgSpec so that you could have a single
>>>> AlgorithmParameterSpec parameter (instead of an AlgParamSpec and
>>>> EntropyInput) for the getInstance method.
>> EntropyInput as a separated parameter means it applies to other
>> SecureRandom implementations and not only DRBG. For example, SHA1PRNG
>> can also have a specified entropy source. It is also useful to
>> describe what reSeed() means.
> 
> Ok but it's really just an input parameter, right?
> 
> Maybe, you want something like:
> 
> public interface SecureRandomSpec extends AlgorithmParameterSpec {
> 
>    EntropyInput getEntropyInput();
> }
> 
> public class DrbgSpec implements SecureRandomSpec {
> 
> }

Sound good.

I'll update the APIs.

Thanks
Max

> 
> --Sean




More information about the security-dev mailing list