Thanks Bruce/Michael,
FYI, I've created:
8006041: Create SecureRandom standard algorithm names.
against JDK 8 to track this issue, and I had previously filed:
8003584: Consider adding a more modern SecureRandom implementation
to add the SP800-90a algorithms in JDK.
Brad
On 1/10/2013 9:48 AM, Bruce Rich wrote:
+1
IBM already has SP800-90a/SHA256/HASH, SP800-90a/SHA384/HASH, and
SP800-90a/SHA512/HASH in our provider, but without standardized names,
they are not very useable for the Java community as a whole.
Bruce A Rich
brich at-sign us dot ibm dot com
----- Forwarded by Bruce Rich/Austin/IBM on 01/10/2013 11:44 AM -----
From: Michael StJohns <[email protected]>
To: Sean Mullan <[email protected]>, Xuelei Fan
<[email protected]>
Cc: OpenJDK Dev list <[email protected]>, Brad Wetmore
<[email protected]>
Date: 01/09/2013 09:32 PM
Subject: Re: Update #2: JEP 123: SecureRandom First Draft and
Implementation.
Sent by: [email protected]
------------------------------------------------------------------------
At 09:45 AM 1/9/2013, Sean Mullan wrote:
>think it is unlikely that 2 providers would implement the same
SecureRandom algorithm, since the names are not standardized like other
cryptographic algorithms such as SHA-256, RSA, etc.
Can this be fixed? There really should be a flavor for this.
E.g.
SP800-90a/SHA256/HASH
SP800-90A/SHA256/HMAC
SP800-90A/AES/CTR
NRBG/NoisyDiode[/implementation id]
NRBG/RingOscillator[/Implementation id]
There are about 6 classes of NIST "approved" deterministic random number
generators. See
http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexc.pdf.
I wouldn't be surprised to find that multiple providers implement the
same RNGs, but don't have a common name for them. In fact, according to
wikipedia, the underlying function for MSCAPI is the FIPS186-2 appendix
3.1 with SHA1 function.
Mike
