
Use of "SHA1PRNG" in SecureRandom Class

I have a basic question. Why is 'SHA1PRNG' used in the SecureRandom class? It will be helpful if someone explains it. Thanks in advance.

EX: SecureRandom.getInstance("SHA1PRNG");

Asked by meghanath ch, Oct 04 '12 11:10


2 Answers

Warning

In my opinion it is bad to directly rely on this algorithm. Please see this answer on SO where I show why relying on specific SecureRandom algorithms is bad.

Note that although most runtimes will have a provider with an "SHA1PRNG" implementation, the Java specifications do not require the implementation of the algorithm, so it may fail with NoSuchAlgorithmException if you simply assume it is always there.

Short description

"SHA1PRNG" is the name of a pseudo-random number generator (the PRNG in the name). That means that it uses the SHA1 hash function to generate a stream of random numbers. SHA1PRNG is a proprietary mechanism introduced by Sun at the time.

The advantage of the implementation is that the PRNG runs independently of the OS; it doesn't rely on e.g. /dev/random or /dev/urandom. This can have performance benefits and it may also help against depletion of the OS entropy pool (the data on which the randomness of the system relies).

Properties of the algorithm

The SHA1 hash function is used to create the output of the RNG and to hash the seed information before it is used in the PRNG. The SHA1PRNG output is decoupled from the internal state (so an attacker cannot recreate the internal state using just the output of the RNG).

The internal state is relatively large (currently limited to 160 bits, the hash size, for SHA1PRNG in Java 1.7). That means that it is almost impossible to create cycles. A cycle is created if the same internal state is encountered more than once - the following states would be the same as well (unless additional entropy is added using setSeed()).

There is no clear description of the algorithm available, unfortunately, and different providers may implement it differently, generally trying to mimic Java's implementation (sometimes badly or even insecurely).

Deterministic operation

PRNGs are deterministic. That means that they will always generate the same stream of random numbers from the same input material (the "seed"). The SUN SHA1PRNG will however seed itself from entropy retrieved from the operating system when the random pool is first accessed. In that case the random values will be indistinguishable from a true random number generator.

A special property of the SUN SHA1PRNG is that it will only use the seed given by setSeed() if it is called before the random pool is accessed using one of the nextXxx() methods to retrieve the random values. In that case the stream will only depend on the given seed and the implemented algorithm; the PRNG is in that case fully deterministic; it will always return the same "random" values if the same methods are called.

This can be useful during testing, but please do not rely on this property in production code. Even the SUN SHA1PRNG implementation has seen changes, so you cannot rely on the output to remain constant over different versions.

Notes

Note that implementations of SHA1PRNG may differ among JCA providers / different runtimes. The code on Android particularly is different and less stable than the SUN SHA1PRNG. Please only use SecureRandom for its intended purpose: generating secure random values.

Answered by Maarten Bodewes, Sep 28 '22 09:09
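As an added example (not part of either answer above), the following Java program exercises the two points the answer makes: the NoSuchAlgorithmException fallback from the Warning, and the seeding behaviour from "Deterministic operation", where setSeed() before the first nextXxx() call makes the stream depend only on the seed, while setSeed() after the pool has been accessed merely supplements the OS-derived state. The class name, method names and the seed string are my own constructed choices.

```java
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

public class Sha1PrngDemo {

    // The JCA spec does not require a SHA1PRNG provider, so never assume it is
    // present: fall back to the platform default SecureRandom if it is missing.
    static SecureRandom sha1PrngOrDefault() {
        try {
            return SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            return new SecureRandom();
        }
    }

    // Seed BEFORE the first draw: on the SUN SHA1PRNG the OS self-seeding is
    // skipped and the output depends only on the seed and the algorithm.
    static byte[] seededBeforeUse(byte[] seed) throws NoSuchAlgorithmException {
        SecureRandom rng = SecureRandom.getInstance("SHA1PRNG");
        rng.setSeed(seed);
        byte[] out = new byte[16];
        rng.nextBytes(out);
        return out;
    }

    // Draw first, then seed: the first nextBytes() triggers self-seeding from
    // the OS, so the later setSeed() only adds to an already unpredictable state.
    static byte[] seededAfterUse(byte[] seed) throws NoSuchAlgorithmException {
        SecureRandom rng = SecureRandom.getInstance("SHA1PRNG");
        rng.nextBytes(new byte[1]);
        rng.setSeed(seed);
        byte[] out = new byte[16];
        rng.nextBytes(out);
        return out;
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo seed; a fixed seed like this must never reach production.
        byte[] seed = "constructed-demo-seed".getBytes(StandardCharsets.UTF_8);
        byte[] a = seededBeforeUse(seed);
        byte[] b = seededBeforeUse(seed);
        byte[] c = seededAfterUse(seed);
        System.out.println("seeded before use, run 1: " + hex(a));
        System.out.println("seeded before use, run 2: " + hex(b));
        System.out.println("runs identical (expected on SUN provider): " + Arrays.equals(a, b));
        System.out.println("seeded after use:         " + hex(c));
        System.out.println("matches run 1 (OS entropy was mixed in): " + Arrays.equals(a, c));
        System.out.println("fallback instance algorithm: " + sha1PrngOrDefault().getAlgorithm());
    }
}
```

Running it twice shows the "seeded before use" output repeating across processes, which is exactly why the answer limits that property to testing: anyone who knows the seed knows the stream.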


See the IBM Docs on the subject. It is just ensuring the random number generated is as close to "truly random" as possible. Easily guessable random numbers break encryption.

Answered by Jeff Watkins, Sep 28 '22 09:09