Design and impl review: JEP 273: DRBG-Based SecureRandom Implementations
Wang Weijun
weijun.wang at oracle.com
Wed Dec 16 07:20:41 UTC 2015
Webrev updated:
http://cr.openjdk.java.net/~weijun/8051408/webrev.02/
http://cr.openjdk.java.net/~weijun/8051408/webrev.02/specdiff/java/security/package-summary.html
Changes:
1. DrbgParameters has a Builder now
2. No more default implementation for reseed()
3. Synchronization is now inside implementation, on engineXXX() methods
4. engineConfigure() now throws InvalidAlgorithmParameterException instead of IllegalArgumentException
5. CtrDRBG uses up all input in engineSetSeed()
Thanks
Max
> On Dec 16, 2015, at 6:19 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>
> On 12/15/2015 03:09 AM, Wang Weijun wrote:
>> Good.
>>
>> But the builder will not provide default values so you will see
>>
>> new DrbgParameters.Builder().build().getAlgorithm() == null
>>
>> which means the getters still return requested values.
>
> That's fine, this is no different than what the current class does.
>
> --Sean
>
>> In this case, the algorithm will only be known after it is used for a specific DRBG, for example, SHA-256 for HashDRBG, and AES-256 for CtrDRBG.
>>
>> --Max
>>
>>> On Dec 15, 2015, at 12:05 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>>
>>> The DrbgParameters class has 7 parameters, most of which are optional. A typical use case might involve lots of null parameters:
>>>
>>> DrbgParameters params = new DrbgParameters(null, null, 256, false, false, nonce, null);
>>>
>>> That seems awkward, and you have be overly careful to map the right value to each parameter.
>>>
>>> I think this is a case where a DrbgParameters.Builder would be very useful.
>>>
>>> --Sean
>>
More information about the security-dev
mailing list