RFR 8051408: JEP 273: DRBG-Based SecureRandom Implementations

Wang Weijun weijun.wang at oracle.com
Fri Apr 1 11:34:09 UTC 2016

Hi All

Updated webrev at


Spec changes:

  - More text in @implNote of DrbgParameters.java, which somehow matches the Minimal Documentation Requirements described in 11.1 of NIST SP 800-90Ar1.

  - DrbgParameters.instantiate(strength,cap,ps) throws NPE if cap is null

  - SecureRandom.java: no more @implSpec for new methods since impl is in SecureRandomSpi. Also, make the following word changes in all UOE cases:

    - * @throws UnsupportedOperationException if the implementation
    - *         has not overridden this method.
    + * @throws UnsupportedOperationException if the underlying provider
    + *         implementation has not overridden this method.

"drbg" security property changes:

  - delimiter is now ",". Otherwise, "SHA-512/256" is ambiguous.

  - AbstractDrbg#toString and DrbgParameters$Instantiate#toString also use "," now.

  - default value is "", thus each aspect uses its own default as described in the comment.

  - examples

Code changes:

  - DRBG.java: more check for the "drbg" security property, one aspect cannot be set twice,
    and strength must be positive

  - HashDrbg.java optimization

    * Use MessageDigest#digest(output,offset,length) instead of digest()+arraycopy.
      (BTW, why is DigestException a checked exception?) --  a little useful

    * addBytes() now updates its first argument, therefore less round of adding -- very useful

    * store "new byte[1]" and "new byte[]{1}" as constants -- a little useful

  - MoreDrbgParameters: now including mech, so it can fully cover the "drbg" security property.  It still includes non-publicly configurable items like entropy source and nonce, that the DRBG (known-answer) Test Vectors require.


More information about the security-dev mailing list