I wonder if you realize that sr.setSeed(seed) does *NOT*, repeat *NOT*
set a SecureRandom to produce a predictable series of values?
Not only would that no longer be secure, it's not what setSeed() does
for a SecureRandom. Instead, it supplements the existing seed (which
is beyond your control when created as below). You'd have to supply
the seed in the constructor.
And if you are expecting SecureRandom to produce the same series of
values (as seen by KeyGenerator), or KeyGenerator to produce the same
key, between two versions of the OS, you're relying on something which
is not documented. Reproducability is just not part of their job.
I strongly suspect (and fear) that you're screwed, and your users are
likely screwed as well. Sorry to deliver bad news. If you like, post
more about what you're doing and maybe we can help you figure out the
way forward.
On Dec 10, 11:30 am, Steve Hugg <hun...@fasterlight.com> wrote:
> More debugging on this issue...
>
> I am using this method to generate keys from a passphrase:
>
> KeyGenerator kgen = KeyGenerator.getInstance("AES", "BC");
> SecureRandom sr = SecureRandom.getInstance("SHA1PRNG",
> "Crypto");
> sr.setSeed(seed);
> kgen.init(128, sr);
> SecretKey skey = kgen.generateKey();
> byte[] raw = skey.getEncoded();
>
> This results in a different key for a given passphrase on 2.3 than it
> does on 1.5-2.2.
>
> Froyo returns this information for KeyGenerator and SecureRandom
> objects:
>
> AES BC version 1.34
> SHA1PRNG Crypto version 1.0
>
> Gingerbread returns:
>
> AES BC version 1.45
> SHA1PRNG Crypto version 1.0
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
