Revision as of 16:12, 29 July 2022

Overview

SecureRandom is a generic Java API to access random number generator functionality.

SecureRandom random = new SecureRandom();

By default SecureRandom will use NativePRNG implementation which uses /dev/urandom for nextBytes() and /dev/random to generateSeed().

The API can be used to access other random number generators using the following interface:

SecureRandom random = SecureRandom.getInstance(algorithm, provider);

SHA1PRNG is a pure Java random number generator. It is not as strong as the algorithms used by approved DRBG mechanisms in NIST SP800-90.

There is a new version of SecureRandom coming in Java 9, JEP-273, which adds SHA-512 and AES-256 based off NIST SP800-90.

JSS provides a FIPS 140-2 compliant random number generator called PK11SecureRandom which can also be used via this API.

The session ID generator configuration is stored in the web application context files:

<Manager secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>

@@ Line 19: / Line 19: @@
 = JSS Subsystem =
-PKI Server uses a JSS subsystem to initialize JSS environment.
+See [https://github.com/dogtagpki/pki/wiki/Configuring-Random-Generator Configuring Random Generator].
-The random number generator configuration is located in CS.cfg:
-<pre>
-jss.random.algorithm=pkcs11prng
-jss.random.provider=Mozilla-JSS
-</pre>
-It will use PK11SecureRandom by default. See also [[JSS Subsystem]].
 = Session ID Generator =