Difference between revisions of "Random Number Generator"

m (Replaced content with "This page has been moved to https://github.com/dogtagpki/pki/wiki/Configuring-Random-Generator.")
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
= Overview =
+
This page has been moved to https://github.com/dogtagpki/pki/wiki/Configuring-Random-Generator.
 
 
SecureRandom is a generic Java API to access random number generator functionality.
 
 
 
<pre>
SecureRandom random = new SecureRandom();
</pre>
 
 
 
By default, SecureRandom will use the NativePRNG implementation, which uses /dev/urandom for nextBytes() and /dev/random for generateSeed().
 
 
 
The API can be used to access other random number generators using the following interface:
 
 
 
<pre>
SecureRandom random = SecureRandom.getInstance(algorithm, provider);
</pre>
 
 
 
SHA1PRNG is a pure Java random number generator. It is not as strong as the algorithms used by approved DRBG mechanisms in NIST SP800-90.
 
 
 
A new version of SecureRandom is coming in Java 9, [http://openjdk.java.net/jeps/273 JEP-273], which adds SHA-512 and AES-256 based on NIST SP800-90.
 
 
 
JSS provides a FIPS 140-2 compliant random number generator called PK11SecureRandom which can also be used via this API.
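
The getInstance(algorithm, provider) call above, as an added example (not Dogtag or JSS code): it lists the SecureRandom implementations registered in the JVM, requests a named one, and either fails closed or falls back to the default. The class and method names are hypothetical; "pkcs11prng" and "Mozilla-JSS" are the names from the Manager element under Session ID Generator and resolve only in a JVM where the JSS provider is registered.

```java
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

public class RngSelection {

    // Lists every SecureRandom implementation registered in this JVM as "provider/algorithm".
    static List<String> registered() {
        List<String> found = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("SecureRandom".equals(s.getType())) {
                    found.add(p.getName() + "/" + s.getAlgorithm());
                }
            }
        }
        return found;
    }

    // Requests an explicit algorithm/provider pair. With failClosed the caller gets an
    // exception when the pair is missing; otherwise the JVM default generator is returned.
    static SecureRandom select(String algorithm, String provider, boolean failClosed) {
        try {
            return SecureRandom.getInstance(algorithm, provider);
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            if (failClosed) {
                throw new IllegalStateException(
                        "Required RNG " + provider + "/" + algorithm + " is not available", e);
            }
            return new SecureRandom();
        }
    }

    public static void main(String[] args) {
        System.out.println("Registered: " + registered());
        // Names taken from the Manager element on this page (assumes JSS is registered;
        // without it this call falls back to the default because failClosed is false).
        SecureRandom random = select("pkcs11prng", "Mozilla-JSS", false);
        byte[] sample = new byte[16];
        random.nextBytes(sample);
        // Report what was actually selected, so a silent fallback is visible in the output.
        System.out.println("Using: " + random.getProvider().getName() + "/" + random.getAlgorithm());
    }
}
```

With failClosed set to true, a missing provider raises an exception instead of leaving the application running on a different generator than the one configured.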
 
 
 
= JSS Subsystem =
 
 
 
See [https://github.com/dogtagpki/pki/wiki/Configuring-Random-Generator Configuring Random Generator].
 
 
 
= Session ID Generator =
 
 
 
The session ID generator configuration is stored in the web application context files:
 
* https://github.com/dogtagpki/pki/blob/master/base/ca/tomcat8/conf/Catalina/localhost/ca.xml
 
* https://github.com/dogtagpki/pki/blob/master/base/kra/tomcat8/conf/Catalina/localhost/kra.xml
 
* https://github.com/dogtagpki/pki/blob/master/base/ocsp/tomcat8/conf/Catalina/localhost/ocsp.xml
 
* https://github.com/dogtagpki/pki/blob/master/base/tks/tomcat8/conf/Catalina/localhost/tks.xml
 
* https://github.com/dogtagpki/pki/blob/master/base/tps/tomcat8/conf/Catalina/localhost/tps.xml
 
 
 
<pre>
 
<Manager secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
 
</pre>
 
 
 
See also [https://tomcat.apache.org/tomcat-8.0-doc/config/manager.html Tomcat 8 - The Manager Component].
 
 
 
= See Also =
 
 
 
* [https://github.com/dogtagpki/jss/wiki/PK11SecureRandom-Design PK11SecureRandom Design]
 
* [http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf NIST Special Publication 800-90A: Recommendation for Random Number Generation Using Deterministic Random Bit Generators]
 
* [http://csrc.nist.gov/publications/drafts/800-90/sp800-90b_second_draft.pdf NIST Special Publication 800-90B: Recommendation for the Entropy Sources Used for Random Bit Generation]
 
* [http://csrc.nist.gov/publications/drafts/800-90/sp800_90c_second_draft.pdf NIST Special Publication 800-90C: Recommendation for Random Bit Generator (RBG) Constructions]
 
* [https://tersesystems.com/2015/12/17/the-right-way-to-use-securerandom/ The Right Way to Use SecureRandom]
 
* [https://docs.oracle.com/javase/8/docs/api/java/security/SecureRandom.html Class SecureRandom]
 
* [http://moi.vonos.net/java/securerandom/ Using the SecureRandom Class]
 
* [https://blogs.oracle.com/java-platform-group/thats-so-securerandom That's so SecureRandom]
 
* [https://www.synopsys.com/blogs/software-security/proper-use-of-javas-securerandom/ Proper use of Java SecureRandom]
 
* [https://github.com/dogtagpki/pki/wiki/Random-Certificate-Serial-Numbers Random Certificate Serial Numbers]
 

Latest revision as of 16:31, 29 July 2022

This page has been moved to https://github.com/dogtagpki/pki/wiki/Configuring-Random-Generator.