bug-classpath

[Bug crypto/27111] New: SecureRandom isn't seeded on creation


From: csm at gnu dot org
Subject: [Bug crypto/27111] New: SecureRandom isn't seeded on creation
Date: 11 Apr 2006 04:33:44 -0000

If you create a new instance of SecureRandom with the default constructor, you
get an instance of the SHA1PRNG that hasn't been seeded with anything but a
constant value. As a result, if you repeatedly run the attached test case, you
will get the same output each time; on other VMs, the SecureRandom you get is
seeded with some random value.

This has security implications. If some application is relying on a default
SecureRandom to be seeded with random data, they will in fact be using an
unseeded one, and the output of an unseeded PRNG is completely guessable.

Sun-derived VMs use the security property `securerandom.source' and the system
property `java.security.egd' to control where to look for random bits to get a
seed. By default, the former points to `/dev/random,' and is accompanied by the
comment:

  # On Windows systems, the URL file:/dev/random enables use of the
  # Microsoft CryptoAPI seed functionality.

We should at least try to use `/dev/[u]random' on Unix systems.

Also, SHA1PRNG is a good, but not great random number generator. We have an
implementation of Yarrow in Classpath, which may be a better choice for our
default algorithm.


-- 
           Summary: SecureRandom isn't seeded on creation
           Product: classpath
           Version: 0.90
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: crypto
        AssignedTo: csm at gnu dot org
        ReportedBy: csm at gnu dot org


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=27111
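
A self-check and workaround for the behaviour reported above, as an added example: it is not part of the original report and is not the attached test case. The class and method names are hypothetical, and it assumes a Unix system that exposes `/dev/urandom`.

```java
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Arrays;

// Added example; SeedCheck and its method names are hypothetical.
public class SeedCheck {

    // Two independently constructed default instances should never agree on
    // their first output. If they do, both started from the same constant
    // state, which is the behaviour the report describes.
    // Limitation: this only detects a constant seed; a weak but varying seed
    // (for example, one derived from the clock) would pass this check.
    static boolean defaultLooksUnseeded() {
        byte[] a = new byte[20];
        byte[] b = new byte[20];
        new SecureRandom().nextBytes(a);
        new SecureRandom().nextBytes(b);
        return Arrays.equals(a, b);
    }

    // Workaround: do not rely on the default constructor for seeding.
    // Assumption: /dev/urandom exists and is readable (Unix systems).
    static SecureRandom explicitlySeeded() throws IOException {
        byte[] seed = new byte[20]; // 160 bits, the size of a SHA-1 digest
        DataInputStream in = new DataInputStream(new FileInputStream("/dev/urandom"));
        try {
            in.readFully(seed); // fail loudly rather than use a short seed
        } finally {
            in.close();
        }
        SecureRandom r = new SecureRandom();
        r.setSeed(seed);
        return r;
    }

    public static void main(String[] args) throws IOException {
        System.out.println(defaultLooksUnseeded()
            ? "default SecureRandom repeats: constant seed, do not use as-is"
            : "default SecureRandom instances diverge");
        byte[] out = new byte[20];
        explicitlySeeded().nextBytes(out);
        StringBuilder hex = new StringBuilder();
        for (byte x : out) hex.append(String.format("%02x", x & 0xff));
        System.out.println("explicitly seeded output: " + hex);
    }
}
```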
