RFR 8154523: SHA1PRNG output should change after reset

Wang Weijun weijun.wang at oracle.com
Sun May 8 23:08:35 UTC 2016


> On May 8, 2016, at 10:26 PM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
> 
> On 5/8/2016 9:06 PM, Wang Weijun wrote:
>> Ping again.
>> 
>>> On May 3, 2016, at 10:26 AM, Wang Weijun <weijun.wang at oracle.com> wrote:
>>> 
>>> Hi All
>>> 
>>> Please take a review at
>>> 
>>> http://cr.openjdk.java.net/~weijun/8154523/webrev.00
>>> 
>>> Basically, a reset in SHA1PRNG should forget the internal state and cached output.
>>> 
> The spec of SecureRandomSpi.engineSetSeed() says:
> 
>   The given seed supplements, rather than replaces, the existing seed.

I think this is to encourage people to call setSeed() even if the caller cannot find a perfect seed, as any new call won't make randomness worse.

> 
> If I'm understand correctly, reseed is not the same as reset.  It should
> be OK to use the cached output for performance if the previous seed is OK.

Well, it's almost reset. One calls setSeed() hoping new entropy is added and the output changes. Calling setSeed() is not a common thing and I think it's OK to ignore the performance impact here. Non predictability is quite crucial for a SecureRandom.

Thanks
Max


> 
> Xuelei




More information about the security-dev mailing list