IAIK-JCE 3.1 with IAIK-JCE CC Core 3.1 API Documentation: Class SeedGenerator

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: INNER | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

iaik.security.random
Class SeedGenerator

java.lang.Object
  |
  +--iaik.security.random.SeedGenerator

Direct Known Subclasses:: AutoSeedGenerator, HashObjectSeedGenerator, JDKSeedGenerator, MetaSeedGenerator

public abstract class SeedGenerator
extends Object

A SeedGenerator is a class that "computes" random bits that can be used as seed for pseudo-random number generators (PRNG). This is an abstract class, subclasses have to implement this functionality. The generated bits should be truely random and non-deterministically generated based on e.g. user input, specialized external devices, or possibly the non-deterministic behaviour of a multi tasking operating system. Ideally all random bits needed for cryptographic applications would be generated in such a truely non-deterministic, random way. However, this turns out to be quite difficult on our (mostly ;) deterministic computers, therefore, only a random seed value is generated and then used with a deterministic PRNG. However, you should not use a single seed to generate a extremely long pseudo random sequence. In those cases it is advisable that you create a new seed every now and then.

The important point is that an attacker should have a probability no larger than 2^-n of guessing the correct n bit seed, nor should he be able to manipulate the random bit generation in a way to increase his probability of guessing it. Note that the attacker could reside on (in order of increasing difficulty for us) on (a) some machine connected to us via the Internet or some other WAN (b) on the same LAN (c) running tasks on the same machine (d) have full control over the OS run on our machine and (e) be the user running the seed generator himself. Obviously applications will usually not be concerned all of these cases, but only the first two or three.

Also note that if a seed of e.g. 64 bit is fed to a PRNG which is later used to generate a 128 bit random encryption key, the effective strength of that key is only 64 bit because an attacker could recreate the deterministic steps used to blow up the seed from 64 to 128 bit. On the other hand it would be no problem at all to generate an arbitrary number of 56 bit keys from our 64 bit seed. In short, this means that the seed should always be at least as long as the longest independent random value that needs to be generated from it.

General API usage:

Select the seed generator you intend to use and create an instance of it. Usually you will be required to specify the number of random bits you want to have generated at creation time of the object, otherwise a default value will be used. NOTE that this specifies only the amount of randomness in the seed that is generated and not the number of bits that will be returned by getSeed(). Those will often be the output of some message digest function and therefore be of constant length.
Depending on the generator used, you might have to perform some actions (i.e. call methods) before the seed can be fetched via getSeed() or it might be available immediately. You can check whether the seed is ready by using a SeedGenListener, you can call seedAvailable(), etc.
Fetch the random bits by calling getSeed(). Calling getSeed again will yield the same seed, if you want to generate more random bits you have to create a new SeedGenerator object.

Version:: File Revision 20
See Also:: AWT11SeedGenerator, MetaSeedGenerator, AutoSeedGenerator

Field Summary

protected SeedGenListener seedGenListener
          The current SeedGenListener of this class.

Constructor Summary

protected SeedGenerator()
          Constructor for use by subclasses.

Method Summary

protected void callSeedGenListener()
          If a SeedGenListener is set, call it with the parameters returned by getStatus.

static SeedGenerator getDefault()
          Get a new instance of the default seed generator.

static SeedGenerator getDefaultSeedGenerator()
          Deprecated. use getDefault() instead.

abstract byte[] getSeed()
          Get the generated random seed bits.

abstract int[] getStatus()
          Get the current status of seed generation.

protected static byte[] longToBytes(long l)
          Convert the given long to a byte array, MSB first.

boolean seedAvailable()
          Check whether the seed is available to be fetched via getSeed().

static void setDefault(Class clazz)
          Set the default seed generator.

static void setDefaultSeedGenerator(SeedGenerator g)
          Deprecated. use setDefault() instead.

void setSeedGenListener(SeedGenListener seedGenListener)
          Sets the SeedGenListener for this object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

seedGenListener

protected SeedGenListener seedGenListener

The current SeedGenListener of this class. For use by subclasses.

Constructor Detail

SeedGenerator

protected SeedGenerator()

Constructor for use by subclasses. No public instantiation of this object.

Method Detail

getDefault

public static SeedGenerator getDefault()

Get a new instance of the default seed generator. Unless set by the application this will be a MetaSeedGenerator seeded from a 256 bit seed generated by JDKSeedGenerator.

setDefault

public static void setDefault(Class clazz)

Set the default seed generator. Instances of the default seed generator should not require any special initialization procedures or user interaction. The given class object must represent a SeedGenerator that has a no-args constructor accessible to this class.

Throws:: IllegalArgumentException - if there was an error with the SeedGenerator

getSeed

public abstract byte[] getSeed()

Get the generated random seed bits. Some seed generators may require some special procedure before getSeed may be called. If the seed is not yet available this method should return null, if it is called again after the seed has already been fetched it should return that same seed a second time.

getStatus

public abstract int[] getStatus()

Get the current status of seed generation. Returns an array of two integers, the first indicates how many random bits have already been generated and the second gives the total number of random bits to be generated. Per definition, if getStatus()[0] equals getStatus()[1], the seed is ready to be fetched via getSeed().

seedAvailable

public final boolean seedAvailable()

Check whether the seed is available to be fetched via getSeed(). This is implemented by calling getStatus().

callSeedGenListener

protected void callSeedGenListener()

If a SeedGenListener is set, call it with the parameters returned by getStatus. If no SeedGenListener is set, this method does nothing. For use by subclasses.

setSeedGenListener

public void setSeedGenListener(SeedGenListener seedGenListener)

Sets the SeedGenListener for this object. The SeedGenListener can keep track of the number of random bits generated to check when the SeedGenerator is finished or to inform the user e.g. how many more events he has to generate. If the SeedGenListener is not null, its bitsGenerated() method is called each time the SeedGenerator generates new random bits. Calling this method will also call the SeedGenListener immediately.

longToBytes

protected static byte[] longToBytes(long l)

Convert the given long to a byte array, MSB first. Should be moved to some utility class.

setDefaultSeedGenerator

public static void setDefaultSeedGenerator(SeedGenerator g)
                                    throws RandomException

Deprecated. use setDefault() instead.

This method is deprecated and supported for compatibility only. It will be removed in the next major release.

getDefaultSeedGenerator

public static SeedGenerator getDefaultSeedGenerator()

Deprecated. use getDefault() instead.