<font size=2 face="sans-serif">+1</font>
<br>
<br><font size=2 face="sans-serif">IBM already has SP800-90a/SHA256/HASH,
SP800-90a/SHA384/HASH, and SP800-90a/SHA512/HASH in our provider, but without
standardized names, they are not very useable for the Java community as
a whole.</font>
<br><font size=2 face="sans-serif"><br>
Bruce A Rich<br>
brich at-sign us dot ibm dot com<br>
</font>
<br><font size=1 color=#800080 face="sans-serif">----- Forwarded by Bruce
Rich/Austin/IBM on 01/10/2013 11:44 AM -----</font>
<br>
<br><font size=1 color=#5f5f5f face="sans-serif">From:
</font><font size=1 face="sans-serif">Michael StJohns <mstjohns@comcast.net></font>
<br><font size=1 color=#5f5f5f face="sans-serif">To:
</font><font size=1 face="sans-serif">Sean Mullan <sean.mullan@oracle.com>,
Xuelei Fan <xuelei.fan@oracle.com></font>
<br><font size=1 color=#5f5f5f face="sans-serif">Cc:
</font><font size=1 face="sans-serif">OpenJDK Dev list <security-dev@openjdk.java.net>,
Brad Wetmore <bradford.wetmore@oracle.com></font>
<br><font size=1 color=#5f5f5f face="sans-serif">Date:
</font><font size=1 face="sans-serif">01/09/2013 09:32 PM</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Subject:
</font><font size=1 face="sans-serif">Re: Update #2:
JEP 123: SecureRandom First Draft and Implementation.</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Sent by:
</font><font size=1 face="sans-serif">security-dev-bounces@openjdk.java.net</font>
<br>
<hr noshade>
<br>
<br>
<br><tt><font size=2>At 09:45 AM 1/9/2013, Sean Mullan wrote:<br>
>think it is unlikely that 2 providers would implement the same SecureRandom
algorithm, since the names are not standardized like other cryptographic
algorithms such as SHA-256, RSA, etc.<br>
<br>
Can this be fixed? There really should be a flavor for this.<br>
<br>
<br>
E.g. <br>
<br>
SP800-90a/SHA256/HASH<br>
SP800-90A/SHA256/HMAC<br>
SP800-90A/AES/CTR<br>
NRBG/NoisyDiode[/implementation id]<br>
NRBG/RingOscillator[/Implementation id]<br>
<br>
There are about 6 classes of NIST "approved" deterministic random
number generators. See </font></tt><a href="http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexc.pdf"><tt><font size=2>http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexc.pdf</font></tt></a><tt><font size=2>.<br>
<br>
<br>
<br>
I wouldn't be surprised to find that multiple providers implement the same
RNGs, but don't have a common name for them. In fact, according to
wikipedia, the underlying function for MSCAPI is the FIPS186-2 appendix
3.1 with SHA1 function. <br>
<br>
Mike<br>
<br>
<br>
<br>
</font></tt>