Cycle of SecureRandom of Java

Submitted by ぃ、小莉子 on 2020-01-02 04:36:06

Question


PRNGs usually have a cycle after which the generated random numbers do repeat. What's the cycle of SecureRandom of Java when the instance of SecureRandom is created as follows:

SecureRandom random = SecureRandom.getInstance("SHA1PRNG");


Answer 1:


I'm a bit confused. I had a look into the code of sun.security.provider.SecureRandom of the OpenJDK. Here the internal state is updated as follows:

digest.update(state);
output = digest.digest();
updateState(state, output);

[...]

private static void updateState(byte[] state, byte[] output) {
    int last = 1;
    int v = 0;
    byte t = 0;
    boolean zf = false;

    // state(n + 1) = (state(n) + output(n) + 1) % 2^160;
    for (int i = 0; i < state.length; i++) {
        // Add two bytes
        v = (int)state[i] + (int)output[i] + last;
        // Result is lower 8 bits
        t = (byte)v;
        // Store result. Check for state collision.
        zf = zf | (state[i] != t);
        state[i] = t;
        // High 8 bits are carry. Store for next iteration.
        last = v >> 8;
    }

    // Make sure at least one bit changes!
    if (!zf)
        state[0]++;
}

No counter is incremented but the internal state is simply updated with the output.
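
An added example (not from the original answers or from the JDK): the feedback step quoted in answer 1, shrunk to a 24-bit toy state so that its tail and cycle length can be measured with Brent's cycle detection. The class name, `STATE_BYTES` and the seeds are assumptions made for illustration; the numbers it prints describe the toy state only and show that the period of a state-feedback design depends on the seed, not what the period of the real 160-bit generator is.

```java
import java.security.MessageDigest;
import java.util.Arrays;

// Added illustration: scaled-down model of the state feedback, not JDK code.
public class Sha1PrngCycleDemo {
    static final int STATE_BYTES = 3; // assumption: 24-bit toy state, not 160 bits

    // Same byte-wise update as the excerpt above, applied to the shorter state.
    static void updateState(byte[] state, byte[] output) {
        int last = 1;
        boolean changed = false;
        for (int i = 0; i < state.length; i++) {
            int v = state[i] + output[i] + last; // bytes are signed in Java
            byte t = (byte) v;
            changed |= (state[i] != t);
            state[i] = t;
            last = v >> 8;
        }
        if (!changed) state[0]++;
    }

    // One generator step: hash the state, then fold the hash back into it.
    static byte[] step(byte[] state) throws Exception {
        byte[] next = state.clone();
        updateState(next, MessageDigest.getInstance("SHA-1").digest(state));
        return next;
    }

    // Brent's algorithm: returns {tail length, cycle length} of x -> step(x).
    static long[] brent(byte[] x0) throws Exception {
        long power = 1, lam = 1, mu = 0;
        byte[] tortoise = x0, hare = step(x0);
        while (!Arrays.equals(tortoise, hare)) {
            if (power == lam) { tortoise = hare; power *= 2; lam = 0; }
            hare = step(hare);
            lam++;
        }
        tortoise = x0;
        hare = x0;
        for (long i = 0; i < lam; i++) hare = step(hare);
        for (; !Arrays.equals(tortoise, hare); mu++) { tortoise = step(tortoise); hare = step(hare); }
        return new long[] { mu, lam };
    }

    public static void main(String[] args) throws Exception {
        for (int s = 1; s <= 4; s++) { // constructed sample seeds
            byte[] seed = new byte[STATE_BYTES];
            seed[0] = (byte) s;
            long[] r = brent(seed);
            System.out.printf("seed=%d tail=%d cycle=%d of 2^%d states%n", s, r[0], r[1], 8 * STATE_BYTES);
        }
    }
}
```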




Answer 2:


From the description given in http://docs.oracle.com/javase/1.5.0/docs/guide/security/CryptoSpec.html#AppA:

SHA1PRNG: The name of the pseudo-random number generation (PRNG) algorithm supplied by the SUN provider. This implementation follows the IEEE P1363 standard, Appendix G.7: "Expansion of source bits", and uses SHA-1 as the foundation of the PRNG. It computes the SHA-1 hash over a true-random seed value concatenated with a 64-bit counter which is incremented by 1 for each operation. From the 160-bit SHA-1 output, only 64 bits are used.

I conclude that the cycle length is only 2^64 (assuming there are no backdoors built in).



Source: https://stackoverflow.com/questions/19000536/cycle-of-securerandom-of-java
