How to properly use setSeed() method in SecureRandom to generate RSA primes


Problem description


I want to produce the two prime numbers for RSA key generation. I think in order to increase both primes' randomness, the random may be generated as the following:

SecureRandom r = SecureRandom.getInstance("SHA1PRNG");
r.setSeed(1232);
p = BigInteger.probablePrime(1024, r);
q = BigInteger.probablePrime(1024, r);

My question is: Do you think using SecureRandom will increase the p and q randomness? If so, how can I randomly set the value of setSeed() instead of making it a fixed value (here I chose 1232)?

Solution

As CodesInChaos already shows, the default implementation of the SUN provider automatically seeds itself using the system random number generator. As Java itself doesn't have an (explicit) entropy source it is more or less dependent on the system for its seed.

You should never call setSeed before retrieving data from the "SHA1PRNG" in the SUN provider as that will make your RNG (Random Number Generator) into a Deterministic RNG - it will only use the given seed instead of adding the seed to the state. In other words, it will always generate the same stream of pseudo random bits or values.

The initial call to setSeed may differ per provider. Sometimes it will use the seed as only seed, but it may also just add the seed to the current state. On later Android versions (4.2 onwards) the seed is just added to the random state, so the "SHA1PRNG" will stay fully random.

Probably the best way to generate your random number generator is just

SecureRandom r = new SecureRandom();

and let the Java runtime figure out the best one.

If you want to use an explicit algorithm (which is, however, ill-described by SUN/Oracle) then you could use:

SecureRandom r = SecureRandom.getInstance("SHA1PRNG");

as in your code. If you want to add entropy, use:

// just used to make sure that the SecureRandom is seeded by the OS
r.nextBytes(new byte[8]);
r.setSeed(1232);

A constant value or literal doesn't contain much (if any) entropy. Usual sources of entropy are the current time (or even better, System.nanoTime()), mouse movements etc.


For Java 8 there is a new method getInstanceStrong() with the following description:

Returns a SecureRandom object that was selected by using the algorithms/providers specified in the securerandom.strongAlgorithms Security property.

Some situations require strong random values, such as when creating high-value/long-lived secrets like RSA public/private keys. To help guide applications in selecting a suitable strong SecureRandom implementation, Java distributions include a list of known strong SecureRandom implementations in the securerandom.strongAlgorithms Security property.

Which should be used as a replacement for the call to the constructor. Be warned that this may return a blocking RNG, that is: an RNG that may block your thread until sufficient entropy has become available. It may also drain your OS entropy pool blocking other applications, so only use it sparingly.
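
The two call orders discussed in the answer, side by side, as an added example that is not code from the original question or answer. The class and method names (SeedOrderDemo, primeSeedFirst, primeOutputFirst) are hypothetical; the seed 1232 and the 1024-bit size come from the question.

```java
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

public class SeedOrderDemo {
    // The question's pattern: setSeed() is called before any output is drawn.
    // Per the answer, the SUN provider then uses only this seed.
    static BigInteger primeSeedFirst(long seed) throws NoSuchAlgorithmException {
        SecureRandom r = SecureRandom.getInstance("SHA1PRNG");
        r.setSeed(seed);
        return BigInteger.probablePrime(1024, r);
    }

    // The answer's pattern: draw output first so the generator seeds itself
    // from the OS, then setSeed() only supplements the existing state.
    static BigInteger primeOutputFirst(long seed) throws NoSuchAlgorithmException {
        SecureRandom r = SecureRandom.getInstance("SHA1PRNG");
        r.nextBytes(new byte[8]);
        r.setSeed(seed);
        return BigInteger.probablePrime(1024, r);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        long seed = 1232L; // the constant from the question

        // If both runs yield the same prime, anyone who knows the seed
        // can regenerate p and q and therefore the private key.
        boolean seedFirstRepeats = primeSeedFirst(seed).equals(primeSeedFirst(seed));
        System.out.println("setSeed first, same prime twice: " + seedFirstRepeats);

        boolean outputFirstRepeats = primeOutputFirst(seed).equals(primeOutputFirst(seed));
        System.out.println("output first, same prime twice:  " + outputFirstRepeats);

        // Recommended construction: no explicit seed at all.
        SecureRandom r = new SecureRandom();
        BigInteger p = BigInteger.probablePrime(1024, r);
        BigInteger q = BigInteger.probablePrime(1024, r);
        System.out.println("p != q: " + !p.equals(q)
                + ", modulus bits: " + p.multiply(q).bitLength());
    }
}
```

Under the SUN provider behaviour the answer describes, the first comparison is expected to report true and the second false; a provider that always mixes the seed into existing state would report false for both.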
