http://www.nds.rub.de/media/nds/veroeffentlichungen/2013/03/25/paper_2.pdf
This paper examines the quality of the random numbers generated by
common Java libraries. In detail, the PRNGs, intended for use in cryptographic
environments, of Apache Harmony1, GNU Classpath2, OpenJDK3
and BouncyCastle4 are inspected. It is shown that the over-all
entropy of the Android PRNG can be reduced to 64 bits. Beyond this,
multiple weaknesses of entropy collectors are revealed. However, some of
these weaknesses only occur under special conditions (e.g., unavailable
/dev/{u}random device). We clearly point out that we are not going to
discuss the quality of random numbers generated by PRNGs shipped with
Operating Systems (OS). Discussions of OS provided (P)RNG facilities
can be found at e.g. [...useless links...]
--
http://www.subspacefield.org/~travis/
"Computer crime, the glamor crime of the 1970s, will become in the
1980s one of the greatest sources of preventable business loss."
John M. Carroll, "Computer Security", first edition cover flap, 1977
pgpumcz84c1Fk.pgp
Description: PGP signature
_______________________________________________ RNG mailing list [email protected] https://lists.bitrot.info/mailman/listinfo/rng
