Looking for comments on PRNG seeding best practices.

Here's one thing I got from a Cigital page:
===========================================

Finally, regardless of how well the PRNG is seeded, it should not be
used indefinitely without reseeding. There are two approaches that can
be used for longer-term security of PRNG output:

Periodically throw away the existing java.security.SecureRandom
instance and create a new one. This will generate a new instance with
a new seed.

Periodically add new random material to the PRNG seed by making a call
to java.security.SecureRandom.setSeed(java.security.SecureRandom.generateSeed(int)).

In summary, keep the following in mind when using java.security.SecureRandom:

Always specify the exact PRNG and provider that you wish to use. If
you just use the default PRNG, you may end up with different PRNGs on
different installations of your application that may need to be called
differently in order to work properly. Using the following code to get
a PRNG instance is appropriate:
SecureRandom sr = SecureRandom.getInstance("SHA1PRNG", "SUN");

When using the SHA1PRNG, always call
java.security.SecureRandom.nextBytes(byte[]) immediately after
creating a new instance of the PRNG. This will force the PRNG to seed
itself securely. If for testing purposes, you need predictable output,
ignoring this rule and seeding the PRNG with hard-coded/predictable
values may be appropriate.

Use at least JRE 1.4.1 on Windows and at least JRE 1.4.2 on Solaris
and Linux. Earlier versions do not seed the SHA1PRNG securely.

Periodically reseed your PRNG as observing a large amount of PRNG
output generated using one seed may allow the attacker to determine
the seed and thus predict all future outputs.

Another set of rules I got:
===========================

1. Seeds must have a finite seed life (e.g. the number of blocks or
inputs that are produced during a seed period)

2. Reseeding should be accomplished by either explicit reseeding of
the RNG by the consuming application or by a generate function

3. The seed that is used to initialize one instantiation of an RNG must
not be intentionally used to reseed the same instantiation or used as
the seed for another RNG instantiation

4. An RNG must not reseed itself

5. The seed used by an RNG and the entropy input used to create that
seed must not intentionally be used for other purposes (e.g., domain
parameter or prime number generation)

Comments?
-- 
http://www.subspacefield.org/~travis/
I'm feeling a little uncertain about this random generator of numbers.
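As an added illustration (not code from the Cigital page or from the poster), here is a small Java wrapper that applies the rules quoted above: it names the exact PRNG and provider, forces self-seeding before first use, gives the seed a finite life, and implements both reseeding approaches (replace the instance, or mix in generateSeed() output). The class name, the 1 MiB seed-life limit and the 32-byte reseed size are assumptions chosen for the example.

```java
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;

/** Hypothetical helper: a SecureRandom with a finite seed life (not from the Cigital page). */
public final class ReseedingRandom {
    // Assumed policy: reseed after this many bytes of output from one seed (rule 1 above).
    private static final long SEED_LIFE_BYTES = 1L << 20;
    private static final int RESEED_ENTROPY_BYTES = 32;

    private final boolean replaceInstance; // true = approach 1, false = approach 2
    private SecureRandom sr;
    private long produced;

    public ReseedingRandom(boolean replaceInstance)
            throws NoSuchAlgorithmException, NoSuchProviderException {
        this.replaceInstance = replaceInstance;
        this.sr = freshInstance();
    }

    private static SecureRandom freshInstance()
            throws NoSuchAlgorithmException, NoSuchProviderException {
        // Name the PRNG and provider explicitly instead of relying on the platform default.
        SecureRandom r = SecureRandom.getInstance("SHA1PRNG", "SUN");
        // Force self-seeding immediately: on SHA1PRNG, a setSeed() made before the first
        // nextBytes() would become the *only* seed instead of supplementing a secure one.
        r.nextBytes(new byte[1]);
        return r;
    }

    /** Generate function that triggers reseeding when the seed life is exhausted (rule 2). */
    public synchronized void nextBytes(byte[] out)
            throws NoSuchAlgorithmException, NoSuchProviderException {
        if (produced + out.length > SEED_LIFE_BYTES) {
            reseed();
        }
        sr.nextBytes(out);
        produced += out.length;
    }

    private void reseed() throws NoSuchAlgorithmException, NoSuchProviderException {
        if (replaceInstance) {
            sr = freshInstance(); // approach 1: discard the instance, get a new seed
        } else {
            // approach 2: mix fresh entropy into the existing state. generateSeed() draws
            // from the provider's seed source, not from this generator's own output (rule 4).
            sr.setSeed(sr.generateSeed(RESEED_ENTROPY_BYTES));
        }
        produced = 0;
    }
}
```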

_______________________________________________
RNG mailing list
http://lists.bitrot.info/mailman/listinfo/rng