Oops, forgot the list...
Hi Edward,
Yes, it's up to me! I haven't had a chance to review this whole thread
of email yet, but github is definitely the place to add pull requests,
multiple fine-grained PRs preferred over monolithic changes when
possible. There seem to be serious concerns raised here, so a
review/improvement of SecureRandom is now a prerequisite for release 1.8.
Thank you for taking the time to improve BC!
Regards,
Pete Dettman
On 5/08/2014 1:18 am, Edward Ned Harvey (bouncycastle) wrote:
First, I assume it's up to Pete to let me or us know how we can
contribute code. Hopefully Pete or somebody can offer some guidance
there?
Second, let's identify the problems:
1. ThreadedSeedGenerator returns poor quality entropy. Lots of
patterns, highly compressible by any compression algorithm (zlib,
bzip2, lzma, etc). This may be fixable somehow, but it's not
presently clear how exactly to fix it. Even without knowing how to
fix it right now, see below for workarounds that make its importance
much smaller:
2. The SecureRandom static constructor seeds a Sha256Generator, with
Ticks and 24 bytes from ThreadedSeedGenerator.
   a. What it should do instead: Seed from Ticks, and also 32 bytes from
   ThreadedSeedGenerator, and also 32 bytes from
   CryptoApiRandomGenerator, and also from any other entropy sources if
   they are available.
3. The non-static constructor only seeds itself with 8 bytes. Given
this is a sha1Generator, it should seed itself with 20 bytes.
There are some lower priority architectural issues, such as, using the
same static instance of sha1Generator and sha256Generator across all
instances of the class - because that way, the output of one instance
is dependent on the existence and use of other instances - But this
isn't a major issue. And no matter how much data gets read out from
the SecureRandom instance, it is never reseeded (only at instance
creation and if user manually adds seed). It really should reseed
occasionally. And there are a few other small concerns similar to
these, but they're not major.
The primary major concerns are numbered above. Bad entropy, bad seed
size, and failure to use multiple sources of entropy. These concerns
are huge security problems. I'd like to contribute code; I just need
permission or instruction how. I am familiar with git and github -
but I don't want to go to the effort of forking & modifying &
submitting pull request if that will be wasted effort.
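The seeding difference discussed above, written out against the BouncyCastle C# PRNG classes as an added example (this is not BouncyCastle's own code and not Edward's patch; the ReseedingGenerator class, its method names and the 1 MiB reseed interval are assumptions made here for illustration):

```csharp
using System;
using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Crypto.Prng;

// Added illustration; the class, method names and reseed interval are hypothetical.
public sealed class ReseedingGenerator : IRandomGenerator
{
    private readonly IRandomGenerator inner, os = new CryptoApiRandomGenerator();
    private readonly long reseedInterval;
    private long bytesSinceReseed;

    public ReseedingGenerator(IRandomGenerator inner, long reseedInterval)
    { this.inner = inner; this.reseedInterval = reseedInterval; }

    // Weak form as described in the thread: Ticks plus only 24 bytes from
    // ThreadedSeedGenerator, seeding a SHA-256 generator that is never reseeded.
    public static IRandomGenerator WeakSeeded()
    {
        var gen = new DigestRandomGenerator(new Sha256Digest());
        gen.AddSeedMaterial(DateTime.Now.Ticks);
        gen.AddSeedMaterial(new ThreadedSeedGenerator().GenerateSeed(24, false));
        return gen;
    }

    // Proposed form: a full 32 bytes (the digest size) from each of two
    // independent sources, then fresh OS entropy mixed in every reseedInterval bytes.
    public static IRandomGenerator MultiSourceSeeded(long reseedInterval = 1 << 20)
    {
        var gen = new DigestRandomGenerator(new Sha256Digest());
        gen.AddSeedMaterial(DateTime.Now.Ticks);
        gen.AddSeedMaterial(new ThreadedSeedGenerator().GenerateSeed(32, false));
        byte[] osSeed = new byte[32];
        new CryptoApiRandomGenerator().NextBytes(osSeed);   // OS CSPRNG
        gen.AddSeedMaterial(osSeed);
        return new ReseedingGenerator(gen, reseedInterval);
    }

    public void AddSeedMaterial(byte[] seed) { inner.AddSeedMaterial(seed); }
    public void AddSeedMaterial(long seed) { inner.AddSeedMaterial(seed); }
    public void NextBytes(byte[] bytes) { NextBytes(bytes, 0, bytes.Length); }

    public void NextBytes(byte[] bytes, int start, int len)
    {
        bytesSinceReseed += len;
        if (bytesSinceReseed >= reseedInterval)
        {
            byte[] fresh = new byte[32];
            os.NextBytes(fresh);            // pull new OS entropy into the digest state
            inner.AddSeedMaterial(fresh);
            bytesSinceReseed = 0;
        }
        inner.NextBytes(bytes, start, len);
    }
}
```

Either generator can be handed to `new SecureRandom(IRandomGenerator)`; the point of the second form is that compromise or weakness of any single seed source, including ThreadedSeedGenerator, no longer determines the whole output stream.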