I have a basic question. Why is 'SHA1PRNG' used in the SecureRandom class? It will be helpful if someone explains it. Thanks in advance.
SecureRandom.getInstance("SHA1PRNG");
Warning

In my opinion it is bad to directly rely on this algorithm. Please see this answer on SO where I show why relying on specific SecureRandom algorithms is bad.

Note that although most runtimes will have a provider with an "SHA1PRNG" implementation, the Java specifications do not require the implementation of the algorithm, so it may fail with NoSuchAlgorithmException if you simply assume it is always there.
Short description

"SHA1PRNG" is the name of a pseudo random number generator (the PRNG in the name). That means that it uses the SHA1 hash function to generate a stream of random numbers. SHA1PRNG is a proprietary mechanism introduced by Sun at the time.

The advantage of the implementation is that the PRNG runs independent of the OS; it doesn't rely on e.g. /dev/random or /dev/urandom. This can have performance benefits and it may also help against depletion of the OS entropy pool (the data on which the randomness of the system relies).
Properties of the algorithm

The SHA1 hash function is used to create the output of the RNG and to hash the seed information before it is used in the PRNG. The SHA1PRNG output is decoupled from the internal state (so an attacker cannot recreate the internal state using just the output of the RNG).

The internal state is relatively large (currently limited to 160 bits, the hash size, for SHA1PRNG in Java 1.7). That means that it is almost impossible to create cycles. A cycle is created if the same internal state is encountered more than once - the following states would be the same as well (unless additional entropy is added using setSeed()).
There is no clear description of the algorithm available, unfortunately, and different providers may implement it differently, generally trying to mimic Java's implementation (sometimes badly or even insecurely).
Deterministic operation

PRNGs are deterministic. That means that they will always generate the same stream of random numbers from the same input material (the "seed"). The SUN SHA1PRNG will however seed itself from entropy retrieved from the operating system when the random pool is first accessed. In that case the random values will be indistinguishable from a true random number generator.

A special property of the SUN SHA1PRNG is that it will only use the seed given by setSeed() if it is called before the random pool is accessed using one of the nextXxx() methods to retrieve the random values. In that case the stream will only depend on the given seed and the implemented algorithm; the PRNG is in that case fully deterministic; it will always return the same "random" values if the same methods are called.

This can be useful during testing, but please do not rely on this property in production code. Even the SUN SHA1PRNG implementation has seen changes, so you cannot rely on the output to remain constant over different versions.
Notes

Note that implementations of SHA1PRNG may differ among JCA providers / different runtimes. The code on Android particularly is different and less stable than the SUN SHA1PRNG.

Please only use SecureRandom for its intended purpose: generating secure random values.
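As an added example (not code from the answer above), the following demonstrates the two points the answer makes: a seed passed to setSeed() before the first nextXxx() call makes the stream reproducible, while a seed passed after the pool was accessed only supplements the OS-derived state, and "SHA1PRNG" may be absent so production code should fall back to the default SecureRandom. It assumes the Sun/Oracle SHA1PRNG behaviour described in the answer, not Android's; the seed string is a constructed value.

```java
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

public class Sha1PrngDemo {

    // SHA1PRNG is not mandated by the Java specs, so do not assume it exists:
    // fall back to the platform default SecureRandom for production use.
    static SecureRandom sha1PrngOrDefault() {
        try {
            return SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            return new SecureRandom();
        }
    }

    // Seed given BEFORE any nextXxx() call: the Sun implementation uses only this
    // seed, so two instances yield identical streams (useful in tests only).
    static boolean seededBeforeUseIsDeterministic(byte[] seed) throws NoSuchAlgorithmException {
        SecureRandom a = SecureRandom.getInstance("SHA1PRNG");
        SecureRandom b = SecureRandom.getInstance("SHA1PRNG");
        a.setSeed(seed);
        b.setSeed(seed);
        byte[] outA = new byte[32], outB = new byte[32];
        a.nextBytes(outA);
        b.nextBytes(outB);
        return Arrays.equals(outA, outB);
    }

    // Seed given AFTER the pool was accessed: self-seeding from OS entropy has
    // already happened, setSeed() only supplements it, so the streams differ.
    static boolean seededAfterUseStaysUnpredictable(byte[] seed) throws NoSuchAlgorithmException {
        SecureRandom a = SecureRandom.getInstance("SHA1PRNG");
        SecureRandom b = SecureRandom.getInstance("SHA1PRNG");
        a.nextInt(); // forces OS self-seeding before our seed is applied
        b.nextInt();
        a.setSeed(seed);
        b.setSeed(seed);
        byte[] outA = new byte[32], outB = new byte[32];
        a.nextBytes(outA);
        b.nextBytes(outB);
        return !Arrays.equals(outA, outB);
    }

    public static void main(String[] args) throws Exception {
        byte[] seed = "constructed-test-seed".getBytes(StandardCharsets.UTF_8); // constructed value
        System.out.println("seed before use -> identical streams: " + seededBeforeUseIsDeterministic(seed));
        System.out.println("seed after use  -> different streams: " + seededAfterUseStaysUnpredictable(seed));
        System.out.println("production generator: " + sha1PrngOrDefault().getAlgorithm());
    }
}
```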