mercredi 9 octobre 2019

What actual algorithm is used by SecureRandom.getInstance("DRBG")?

Java 9 (JSR 379) introduces the NIST DRBG's as specified in JEP 273. However, the NIST document SP 800-90Ar1 (NIST Special Publication 800-90A Revision 1: Recommendation for Random Number Generation Using Deterministic Random Bit Generators) specifies a total of tree mechanisms:

Implement the three DRBG mechanisms (Hash_DRBG, HMAC_DRBG, CTR_DRBG) in 800-90Ar1 (on all platforms).

However, although you might expect that we would now have three methods to create such secure random algorithms:

  1. SecureRandom.getInstance("Hash_DRBG")
  2. SecureRandom.getInstance("HMAC_DRBG")
  3. SecureRandom.getInstance("CTR_DRBG")

possibly with various configuration parameters, we seem to have only one:

  1. SecureRandom.getInstance("DRBG")

So how can the developer configure and detect which one of the algorithms is used?




Aucun commentaire:

Enregistrer un commentaire