4

我目前正在玩涉及加密的android应用程序的想法。我打算在 ctr 模式下使用 aes,在带有漩涡的 PBKDF2 中使用按键拉伸。

我将实现一个新的充气城堡实现,而不是旧实现中内置的机器人。确保它在任何 android 版本上都能按预期工作。

但是我在找出一种为盐和密钥生成随机数的可靠方法时遇到了一些问题。我在某处读到,android 中内置的安全随机在某些旧的 android 版本中是不安全的,而且我还听说大多数 android 手机很难在 dev/random 中保持高熵并且经常阻塞。这不应该对 dev/urandom 的安全性产生巨大影响吗?因此,我正在寻找使用手机上的传感器收集更多熵的好方法。

4

1 回答 1

4

以下类应该可以帮助您缓解 AndroidSecureRandom类的问题。创建此代码而不是文本,因为否则是小细节。

/**
 * A strengthener that can be used to generate and re-seed random number
 * generators that do not seed themselves appropriately.
 * 
 * @author owlstead
 */
public class SecureRandomStrengthener {
    private static final String DEFAULT_PSEUDO_RANDOM_NUMBER_GENERATOR = "SHA1PRNG";

    private static final EntropySource TIME_ENTROPY_SOURCE = new EntropySource() {

        final ByteBuffer timeBuffer = ByteBuffer.allocate(Long.SIZE / Byte.SIZE
                * 2);

        @Override
        public ByteBuffer provideEntropy() {
            this.timeBuffer.clear();
            this.timeBuffer.putLong(System.currentTimeMillis());
            this.timeBuffer.putLong(System.nanoTime());
            this.timeBuffer.flip();
            return this.timeBuffer;
        }
    };

    private final String algorithm;
    private final List<EntropySource> entropySources = new LinkedList<EntropySource>();
    private final MessageDigest digest;
    private final ByteBuffer seedBuffer;

    /**
     * Generates an instance of a {@link SecureRandomStrengthener} that
     * generates and re-seeds instances of {@code "SHA1PRNG"}.
     * 
     * @return the strengthener, never null
     */
    public static SecureRandomStrengthener getInstance() {
        return new SecureRandomStrengthener(
                DEFAULT_PSEUDO_RANDOM_NUMBER_GENERATOR);
    }

    /**
     * Generates an instance of a {@link SecureRandomStrengthener} that
     * generates instances of the given argument. Note that the availability of
     * the given algorithm arguments in not tested until generation.
     * 
     * @param algorithm
     *            the algorithm indicating the {@link SecureRandom} instance to
     *            use
     * @return the strengthener, never null
     */
    public static SecureRandomStrengthener getInstance(final String algorithm) {
        return new SecureRandomStrengthener(algorithm);
    }

    private SecureRandomStrengthener(final String algorithm) {
        if (algorithm == null || algorithm.length() == 0) {
            throw new IllegalArgumentException(
                    "Please provide a PRNG algorithm string such as SHA1PRNG");
        }

        this.algorithm = algorithm;
        try {
            this.digest = MessageDigest.getInstance("SHA1");
        } catch (final NoSuchAlgorithmException e) {
            throw new IllegalStateException(
                    "MessageDigest to create seed not available", e);
        }
        this.seedBuffer = ByteBuffer.allocate(this.digest.getDigestLength());
    }

    /**
     * Add an entropy source, which will be called for each generation and
     * re-seeding of the given random number generator.
     * 
     * @param source
     *            the source of entropy
     */
    public void addEntropySource(final EntropySource source) {
        if (source == null) {
            throw new IllegalArgumentException(
                    "EntropySource should not be null");
        }
        this.entropySources.add(source);
    }

    /**
     * Generates and seeds a random number generator of the configured
     * algorithm. Calls the {@link EntropySource#provideEntropy()} method of all
     * added sources of entropy.
     * 
     * @return the random number generator
     */
    public SecureRandom generateAndSeedRandomNumberGenerator() {
        final SecureRandom secureRandom;
        try {
            secureRandom = SecureRandom.getInstance(this.algorithm);
        } catch (final NoSuchAlgorithmException e) {
            throw new IllegalStateException("PRNG is not available", e);
        }

        reseed(secureRandom);
        return secureRandom;
    }

    /**
     * Re-seeds the random number generator. Calls the
     * {@link EntropySource#provideEntropy()} method of all added sources of
     * entropy.
     * 
     * @param secureRandom
     *            the random number generator to re-seed
     */
    public void reseed(final SecureRandom secureRandom) {
        this.seedBuffer.clear();
        secureRandom.nextBytes(this.seedBuffer.array());

        for (final EntropySource source : this.entropySources) {
            final ByteBuffer entropy = source.provideEntropy();
            if (entropy == null) {
                continue;
            }

            final ByteBuffer wipeBuffer = entropy.duplicate();
            this.digest.update(entropy);
            wipe(wipeBuffer);
        }

        this.digest.update(TIME_ENTROPY_SOURCE.provideEntropy());
        this.digest.update(this.seedBuffer);
        this.seedBuffer.clear();
        // remove data from seedBuffer so it won't be retrievable

        // reuse

        try {
            this.digest.digest(this.seedBuffer.array(), 0,
                    this.seedBuffer.capacity());
        } catch (final DigestException e) {
            throw new IllegalStateException(
                    "DigestException should not be thrown", e);
        }
        secureRandom.setSeed(this.seedBuffer.array());

        wipe(this.seedBuffer);
    }

    private void wipe(final ByteBuffer buf) {
        while (buf.hasRemaining()) {
            buf.put((byte) 0);
        }
    }
}

这是一个小界面EntropySource

/**
 * A simple interface that can be used to retrieve entropy from any source.
 * 
 * @author owlstead
 */
public interface EntropySource {
    /**
     * Retrieves the entropy.
     * The position of the ByteBuffer must be advanced to the limit by any users calling this method.
     * The values of the bytes between the position and limit should be set to zero by any users calling this method.
     * 
     * @return entropy within the position and limit of the given buffer
     */
    ByteBuffer provideEntropy();
}

请注意,类的输出尚未经过随机性测试(但这主要依赖于返回的SecureRandom类,因此应该没问题)。

最后,由于我没有准备好 Android 1.6 运行时,有人应该针对此版本或更低版本对其进行测试以确保兼容性(!)。

于 2013-07-06T22:03:03.803 回答