Random Number Generator

From Dogtag
Revision as of 16:01, 29 July 2022 by Edewata (talk | contribs) (PK11SecureRandom)

Jump to: navigation, search

Overview

SecureRandom is a generic Java API to access random number generator functionality.

SecureRandom random = new SecureRandom();

By default SecureRandom will use NativePRNG implementation which uses /dev/urandom for nextBytes() and /dev/random to generateSeed().

The API can be used to access other random number generators using the following interface:

SecureRandom random = SecureRandom.getInstance(algorithm, provider);

SHA1PRNG is a pure Java random number generator. It is not as strong as the algorithms used by approved DRBG mechanisms in NIST SP800-90.

There is a new version of SecureRandom coming in Java 9, JEP-273, which adds SHA-512 and AES-256 based off NIST SP800-90.

JSS provides a FIPS 140-2 compliant random number generator called PK11SecureRandom which can also be used via this API.

JSS Subsystem

PKI Server uses a JSS subsystem to initialize JSS environment.

The random number generator configuration is located in CS.cfg:

jss.random.algorithm=pkcs11prng
jss.random.provider=Mozilla-JSS

It will use PK11SecureRandom by default. See also JSS Subsystem.

Session ID Generator

The session ID generator configuration is stored in the web application context files:

<Manager secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>

See also Tomcat 8 - The Manager Component.

References