Use of "SHA1PRNG" in SecureRandom Class


Question

I have a basic question. Why is 'SHA1PRNG' used in the SecureRandom class? It will be helpful if someone explains about it. Thanks in advance.

EX: SecureRandom.getInstance("SHA1PRNG");

Recommended answer

Warning

In my opinion it is bad to directly rely on this algorithm. Please see this answer on SO where I show why relying on specific SecureRandom algorithms is bad.

Note that although most runtimes will have a provider with an "SHA1PRNG" implementation, the Java specifications do not require the implementation of the algorithm, so it may fail with NoSuchAlgorithmException if you simply assume it is always there.

"SHA1PRNG" is the name of a pseudo random number generator (the PRNG in the name). That means that it uses the SHA1 hash function to generate a stream of random numbers. SHA1PRNG is a proprietary mechanism introduced by Sun at the time.

The advantage of the implementation is that the PRNG runs independent of the OS, it doesn't rely on e.g. /dev/random or /dev/urandom. This can have performance benefits and it may also help against depletion of the OS entropy pool (the data on which the randomness of the system relies).

The SHA1 hash function is used to create the output of the RNG and to hash the seed information before it is used in the PRNG. The SHA1PRNG output is decoupled from the internal state (so an attacker cannot recreate the internal state using just the output of the RNG).

The internal state is relatively large (currently limited to 160 bits, the hash size, for SHA1PRNG in Java 1.7). That means that it is almost impossible to create cycles. A cycle is created if the same internal state is encountered more than once - the following states would be the same as well (unless additional entropy is added using setSeed()).

There is no clear description of the algorithm available, unfortunately, and different providers may implement it differently, generally trying to mimic Java's implementation (sometimes badly or even insecurely).

PRNGs are deterministic. That means that they will always generate the same stream of random numbers from the same input material (the "seed"). The SUN SHA1PRNG will however seed itself from entropy retrieved from the operating system when the random pool is first accessed. In that case the random values will be indistinguishable from a true random number generator.

A special property of the SUN SHA1PRNG is that it will only use the seed given by setSeed() if it is called before the random pool is accessed using one of the nextXxx() methods to retrieve the random values. In that case the stream will only depend on the given seed and the implemented algorithm; the PRNG is in that case fully deterministic; it will always return the same "random" values if the same methods are called.

This can be useful during testing, but please do not rely on this property in production code. Even the SUN SHA1PRNG implementation has seen changes, so you cannot rely on the output to remain constant over different versions.

Note that implementations of SHA1PRNG may differ among JCA providers / different runtimes. The code on Android particularly is different and less stable than the SUN SHA1PRNG. Please only use SecureRandom for its intended purpose: generating secure random values.
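The two behaviours the answer describes, the possible NoSuchAlgorithmException and the seed-before-first-use determinism, as an added example (not code from the question or the answer; the class name, the helper names and the seed string are constructed for illustration):

```java
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

public class Sha1PrngDemo {

    // Request "SHA1PRNG" but fall back to the platform default rather than
    // assuming the algorithm exists in every runtime (it is not mandated).
    static SecureRandom sha1PrngOrDefault() {
        try {
            return SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            return new SecureRandom(); // provider-selected default
        }
    }

    static byte[] draw(SecureRandom rng, int n) {
        byte[] out = new byte[n];
        rng.nextBytes(out);
        return out;
    }

    public static void main(String[] args) {
        // Constructed seed for the demo; production code never seeds from a fixed string.
        byte[] seed = "constructed test seed".getBytes(StandardCharsets.US_ASCII);

        // Case 1: setSeed() before the first nextBytes(). On the SUN SHA1PRNG the
        // stream then depends on the seed alone, so two instances agree.
        SecureRandom a = sha1PrngOrDefault();
        SecureRandom b = sha1PrngOrDefault();
        a.setSeed(seed);
        b.setSeed(seed);
        boolean equalWhenSeededFirst = Arrays.equals(draw(a, 16), draw(b, 16));

        // Case 2: the pool is touched before setSeed(). Each instance has already
        // self-seeded from OS entropy, and the later setSeed() only supplements it.
        SecureRandom c = sha1PrngOrDefault();
        SecureRandom d = sha1PrngOrDefault();
        draw(c, 1);
        draw(d, 1);
        c.setSeed(seed);
        d.setSeed(seed);
        boolean equalWhenSeededLate = Arrays.equals(draw(c, 16), draw(d, 16));

        System.out.println("algorithm in use: " + a.getAlgorithm());
        System.out.println("seeded before first use, streams equal: " + equalWhenSeededFirst);
        System.out.println("seeded after first use, streams equal:  " + equalWhenSeededLate);
    }
}
```

If the fallback selects a different algorithm (for example the platform default when "SHA1PRNG" is absent), the first comparison is not guaranteed to hold, which is exactly why the answer warns against relying on this property.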
