Difference between revisions of "Random Number Generator"

From Dogtag
Jump to: navigation, search
m (PK11SecureRandom)
m (References)
Line 45: Line 45:
 
See also [https://tomcat.apache.org/tomcat-8.0-doc/config/manager.html Tomcat 8 - The Manager Component].
 
See also [https://tomcat.apache.org/tomcat-8.0-doc/config/manager.html Tomcat 8 - The Manager Component].
  
= References =
+
= See Also =
  
 +
* [https://github.com/dogtagpki/jss/wiki/PK11SecureRandom-Design PK11SecureRandom Design]
 
* [http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf NIST Special Publication 800-90A: Recommendation for Random Number Generation Using Deterministic Random Bit Generators]
 
* [http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf NIST Special Publication 800-90A: Recommendation for Random Number Generation Using Deterministic Random Bit Generators]
 
* [http://csrc.nist.gov/publications/drafts/800-90/sp800-90b_second_draft.pdf NIST Special Publication 800-90B: Recommendation for the Entropy Sources Used for Random Bit Generation]
 
* [http://csrc.nist.gov/publications/drafts/800-90/sp800-90b_second_draft.pdf NIST Special Publication 800-90B: Recommendation for the Entropy Sources Used for Random Bit Generation]

Revision as of 16:01, 29 July 2022

Overview

SecureRandom is a generic Java API to access random number generator functionality.

SecureRandom random = new SecureRandom();

By default SecureRandom will use NativePRNG implementation which uses /dev/urandom for nextBytes() and /dev/random to generateSeed().

The API can be used to access other random number generators using the following interface:

SecureRandom random = SecureRandom.getInstance(algorithm, provider);

SHA1PRNG is a pure Java random number generator. It is not as strong as the algorithms used by approved DRBG mechanisms in NIST SP800-90.

There is a new version of SecureRandom coming in Java 9, JEP-273, which adds SHA-512 and AES-256 based off NIST SP800-90.

JSS provides a FIPS 140-2 compliant random number generator called PK11SecureRandom which can also be used via this API.

JSS Subsystem

PKI Server uses a JSS subsystem to initialize JSS environment.

The random number generator configuration is located in CS.cfg:

jss.random.algorithm=pkcs11prng
jss.random.provider=Mozilla-JSS

It will use PK11SecureRandom by default. See also JSS Subsystem.

Session ID Generator

The session ID generator configuration is stored in the web application context files:

<Manager secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>

See also Tomcat 8 - The Manager Component.

See Also