8

我正在尝试使用 Java 生成加密安全随机数,并使用以下代码部分创建 SecureRandom 对象以查看其提供程序和算法:

Provider prov=new org.spongycastle.jce.provider.BouncyCastleProvider();
Security.insertProviderAt(prov, 1);

SecureRandom sr=new SecureRandom();
srProvider=sr.getProvider().toString();
srAlgorithm=sr.getAlgorithm();

(海绵城堡相当于由 Roberto Tyley 制造的 android 的充气城堡 - https://github.com/rtyley

当我显示提供者和算法时,它显示: Crypto version 1.0 SHA1PRNG

令我惊讶的是,即使它作为代码中的第一个提供程序安装,提供程序也不是 Spongycastle。我想问你 a) SecureRandom 是否在 Spongy Castle(或 Bouncy Castle)中实现。b)“加密版本 1.0”到底是什么(我的意思是它是 Sun JCE 提供者还是什么?)

谢谢...

鲁比

4

2 回答 2

6

Bouncy Castle does provide a set of Pseudo Random Number Generators (PRNGs). There are many names for PRNG's; NIST calls them Deterministic Random Bit Generators (DRBGs). They are however only available in the "Lightweight" API of Bouncy Castle, in the package org.bouncycastle.crypto.prng.

However, Bouncy Castle is a software-only implementation of cryptographic algorithms. This means that it doesn't contain a source for entropy. Entropy cannot be generated by software alone as software algorithms themselves are deterministic. So even if the Bouncy Castle provider would register some of the generators in its "BC" provider (or Spongy provider for Android) then it would still have to rely on the same entropy source as the platform SecureRandom implementation.

As the entropy source is likely the culprit for most performance issues, you should not expect wonders of Bouncy Castle with regards to random number generation efficiency.

Currently (v1.54) the Bouncy Castle provider doesn't register any SecureRandom implementations at all, so there's that.

于 2016-06-20T15:21:50.980 回答
4

假设您在 Android 上运行(您没有明确说明这一点)。Bouncy Castle 不提供SecureRandom实现。'Crypto' 是 Apache Harmony(Android 的大部分核心 Java 代码都基于它)JCE 提供程序。Android 中没有 Sun JCE 代码。顺便说一句,“加密”提供者只提供 SHA1PRNG (RNG)、SHA-1 (hash) 和 SHA1withDSA (signature) 实现。其他一切都由 Bouncy Castle 或基于 OpenSSL 的提供商提供。

问题:您认为为什么需要SecureRandomBouncy/Spongy Castle 的实现?

于 2012-04-21T16:46:08.647 回答