Generate Keypairs with strong prng provider (SHA1PRNG) (original) (raw)
Bernd ecki at zusammenkunft.net
Thu Mar 16 23:36:52 UTC 2017
- Previous message (by thread): RFR 8176536: Backport weak algorithms checking
- Next message (by thread): Generate Keypairs with strong prng provider (SHA1PRNG)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello,
as a general precaution I wanted to document key generation best practice. The SHA1PRNG with its small state and single 20 byte seed always is a bit questionable for generating long term keys. 160 bit entropy (as long as the SecureRandom instance is used only once) is not enough for larger RSA Keys or AES192 and 256.
So I was looking for a solution which works on 8 and 9 and involves more seed/state than the SHA1PRNG. On Windows the Windows-PRNG and on Linux the NativePRNGs both look better in this regard. The SecureRandom.getInstanceStrong() automatially uses them.
So while I think in the long run it might be better to wrap those generators with DRBG some more I think a minimum is to use the strong variant for key generation. I peeked into keytool to see whats best practice and I noticed it does unfortunately NOT use the strong variant or a DRBG configuration:
Is it really acceptable for long term keys this way? (I guess no answer means no :)
Would it be possible to bump the security level for keytool in 9?
Gruss Bernd -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20170317/da5cb3ae/attachment.htm>
- Previous message (by thread): RFR 8176536: Backport weak algorithms checking
- Next message (by thread): Generate Keypairs with strong prng provider (SHA1PRNG)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]