SecureRandom.getInstance("DRBG")使用什么实际算法? [英] What actual algorithm is used by SecureRandom.getInstance("DRBG")?
问题描述
Java 9(JSR 379). > JEP 273 .但是,NIST文档 SP 800-90Ar1 ( NIST特殊出版物800-90A修订版1:使用确定性随机位生成器生成随机数的建议)规定了总共一种树机制:
Java 9 (JSR 379) introduces the NIST DRBG's as specified in JEP 273. However, the NIST document SP 800-90Ar1 (NIST Special Publication 800-90A Revision 1: Recommendation for Random Number Generation Using Deterministic Random Bit Generators) specifies a total of tree mechanisms:
在800-90Ar1中(在所有平台上)实施三种DRBG机制(Hash_DRBG,HMAC_DRBG,CTR_DRBG).
Implement the three DRBG mechanisms (Hash_DRBG, HMAC_DRBG, CTR_DRBG) in 800-90Ar1 (on all platforms).
但是,尽管您可能希望我们现在可以使用三种方法来创建这种安全的随机算法:
However, although you might expect that we would now have three methods to create such secure random algorithms:
-
SecureRandom.getInstance("Hash_DRBG") -
SecureRandom.getInstance("HMAC_DRBG") -
SecureRandom.getInstance("CTR_DRBG")
SecureRandom.getInstance("Hash_DRBG")SecureRandom.getInstance("HMAC_DRBG")SecureRandom.getInstance("CTR_DRBG")
可能带有各种配置参数,我们似乎只有一个:
possibly with various configuration parameters, we seem to have only one:
-
SecureRandom.getInstance("DRBG")
那么开发人员如何配置和检测使用哪种算法?
So how can the developer configure and detect which one of the algorithms is used?
推荐答案
来自 JEP
新的 SecureRandomParameters 接口额外的输入可以是 提供给新的SecureRandom方法.
A new SecureRandomParameters interface so that additional input can be provided to the new SecureRandom methods.
从那里我们到达 DrbgParameters 其中
实施说明:
以下说明适用于SUN中的"DRBG"实现 JDK参考实现的提供者.这个实现 使用DRBG算法支持Hash_DRBG和HMAC_DRBG机制 SHA-224,SHA-512/224,SHA-256,SHA-512/256,SHA-384和SHA-512,以及 CTR_DRBG(均使用推导功能,而不使用推导 功能),并使用DRBG算法AES-128,AES-192和AES-256.
The following notes apply to the "DRBG" implementation in the SUN provider of the JDK reference implementation. This implementation supports the Hash_DRBG and HMAC_DRBG mechanisms with DRBG algorithm SHA-224, SHA-512/224, SHA-256, SHA-512/256, SHA-384 and SHA-512, and CTR_DRBG (both using derivation function and not using derivation function) with DRBG algorithm AES-128, AES-192 and AES-256.
机制名称和DRBG算法名称由 安全属性securerandom.drbg.config .默认选择是 具有SHA-256的Hash_DRBG.
The mechanism name and DRBG algorithm name are determined by the security property securerandom.drbg.config. The default choice is Hash_DRBG with SHA-256.
因此,依赖于实现且具有默认隐含功能,只能通过属性进行切换.
So, implementation dependent and with default impl, switchable only with a property.
这篇关于SecureRandom.getInstance("DRBG")使用什么实际算法?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
