Should I seed a SecureRandom?

忘了有多久 2021-01-17 07:09

Found the following code in our code base:

public static final int DEFAULT_LENGTH = 16;
private static SecureRandom SR;
static
{
   try
   {
      SecureRand         


        
5 answers
  •  礼貌的吻别
    2021-01-17 07:58

    Sad that the javadoc does not say what the minimum seed size "DEFAULT_LENGTH" is to reach the intended security level of the algorithm design, not even for some default implementation. :(

    Essentially security depends on true random; there is nothing like "an algorithm seeding itself without exterior data". Unless the inputs of a seed generator are revealed, it is not possible to certify any security level.

    Providers of true random are 1.) https://www.random.org/ 2.) Tools such as VeraCrypt, which derive white noise from mouse motion.

    If your goal is real security, you will combine numbers from anonymous random generators with self-certified white noise.
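
An added example, not part of the original question or of any answer, showing how the JDK treats an explicit seed in three situations relevant to the question's title. The class name is hypothetical, the all-zero seed is constructed for the demo, and the third case assumes the SUN provider's SHA1PRNG is available.

```java
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

// Hypothetical demo class, not from the question's code base.
public class SecureRandomSeedingDemo {
    static final int DEFAULT_LENGTH = 16; // constant name borrowed from the question

    // Draw n bytes from the given generator.
    static byte[] draw(SecureRandom sr, int n) {
        byte[] out = new byte[n];
        sr.nextBytes(out);
        return out;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        byte[] fixed = new byte[DEFAULT_LENGTH * 2]; // constructed all-zero seed

        // 1. No explicit seed: each instance seeds itself from the platform
        //    entropy source, so two instances produce unrelated output.
        SecureRandom a = new SecureRandom();
        SecureRandom b = new SecureRandom();
        System.out.println("self-seeded instances differ:   "
                + !Arrays.equals(draw(a, DEFAULT_LENGTH), draw(b, DEFAULT_LENGTH)));

        // 2. setSeed() on a generator that is already seeded supplements the
        //    existing state instead of replacing it, so even an identical,
        //    predictable seed does not make the two streams converge.
        a.setSeed(fixed);
        b.setSeed(fixed);
        System.out.println("after identical setSeed differ: "
                + !Arrays.equals(draw(a, DEFAULT_LENGTH), draw(b, DEFAULT_LENGTH)));

        // 3. Assumption: the SUN provider's SHA1PRNG is installed. If setSeed()
        //    is called before the first nextBytes(), self-seeding is skipped
        //    and the output depends on the supplied seed alone.
        SecureRandom c = SecureRandom.getInstance("SHA1PRNG");
        SecureRandom d = SecureRandom.getInstance("SHA1PRNG");
        c.setSeed(fixed);
        d.setSeed(fixed);
        System.out.println("pre-seeded SHA1PRNG identical:  "
                + Arrays.equals(draw(c, DEFAULT_LENGTH), draw(d, DEFAULT_LENGTH)));
    }
}
```

The third case is the one to look for in code review: a seed supplied before first use is only as unpredictable as the bytes passed in.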
