iaik.security.random

Class SeedGenerator

java.lang.Object

iaik.security.random.SeedGenerator

Direct Known Subclasses:

VarLengthSeedGenerator

public abstract class SeedGenerator
extends java.lang.Object

A SeedGenerator is a class that "computes" random bits that can be used as seed for pseudo-random number generators (PRNG). This is an abstract class, subclasses have to implement this functionality. The generated bits should be truly random and non-deterministically generated based on e.g. user input, specialized external devices, or possibly the non-deterministic behavior of a multi-tasking operating system. Ideally all random bits needed for cryptographic applications would be generated in such a truly non-deterministic, random way. However, this turns out to be quite difficult on our (mostly ;) deterministic computers, therefore, only a random seed value is generated and then used with a deterministic PRNG. However, you should not use a single seed to generate a extremely long pseudo random sequence. In those cases it is advisable that you create a new seed every now and then.

The important point is that an attacker should have a probability no larger than 2^-n of guessing the correct n bit seed, nor should he be able to manipulate the random bit generation in a way to increase his probability of guessing it. Note that the attacker could reside on (in order of increasing difficulty for us) on (a) some machine connected to us via the Internet or some other WAN (b) on the same LAN (c) running tasks on the same machine (d) have full control over the OS run on our machine and (e) be the user running the seed generator himself. Obviously applications will usually not be concerned all of these cases, but only the first two or three.

Also note that if a seed of e.g. 64 bit is fed to a PRNG which is later used to generate a 128 bit random encryption key, the effective strength of that key is only 64 bit because an attacker could recreate the deterministic steps used to blow up the seed from 64 to 128 bit. On the other hand it would be no problem at all to generate an arbitrary number of 56 bit keys from our 64 bit seed. In short, this means that the seed should always be at least as long as the longest independent random value that needs to be generated from it.

General API usage:

1. Select the seed generator you intend to use and create an instance of it. Usually you will be required to specify the number of random bits you want to have generated at creation time of the object, otherwise a default value will be used. NOTE that this specifies only the amount of randomness in the seed that is generated and not the number of bits that will be returned by getSeed(). Those will often be the output of some message digest function and therefore be of constant length.
2. Depending on the generator used, you might have to perform some actions (i.e. call methods) before the seed can be fetched via getSeed() or it might be available immediately. You can check whether the seed is ready by using a SeedGenListener, you can call seedAvailable(), etc.
3. Fetch the random bits by calling getSeed(). Calling getSeed() again will yield the same seed, if you want to generate more random bits you have to create a new SeedGenerator object.

Version:

File Revision 31

See Also:

AWT11SeedGenerator, MetaSeedGenerator, AutoSeedGenerator

Field Summary

Fields

Modifier and Type	Field and Description
protected SeedGenListener	seedGenListener The current SeedGenListener of this class.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	SeedGenerator() Constructor for use by subclasses.

Method Summary

Methods

Modifier and Type	Method and Description
protected void	callSeedGenListener() If a SeedGenListener is set, call it with the parameters returned by getStatus.
static SeedGenerator	getDefault() Get a new instance of the default seed generator.
static SeedGenerator	getDefaultSeedGenerator() Deprecated. use getDefault() instead.
abstract byte[]	getSeed() Get the generated random seed bits.
abstract int[]	getStatus() Get the current status of seed generation.
boolean	seedAvailable() Check whether the seed is available to be fetched via getSeed().
static void	setDefault(java.lang.Class clazz) Set the default seed generator.
static void	setDefaultSeedGenerator(SeedGenerator g) Deprecated. use setDefault() instead.
void	setSeedGenListener(SeedGenListener seedGenListener) Sets the SeedGenListener for this object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

seedGenListener

protected SeedGenListener seedGenListener

The current SeedGenListener of this class. For use by subclasses.

Constructor Detail

SeedGenerator

protected SeedGenerator()

Constructor for use by subclasses. No public instantiation of this object.

Method Detail

getDefault

public static SeedGenerator getDefault()

Get a new instance of the default seed generator. Unless set by the application this will be a MetaSeedGenerator seeded from a 256 bit seed generated by JDKSeedGenerator.

Returns:

The SeedGenerator instance.

setDefault

public static void setDefault(java.lang.Class clazz)

Set the default seed generator. Instances of the default seed generator should not require any special initialization procedures or user interaction. The given class object must represent a SeedGenerator that has a no-args constructor accessible to this class.
If the given clazz is assignable from the VarLengthSeedGenerator class, it is also set as default VarLengthSeedGenerator.

Parameters:

clazz - the class that implements the default seed generator to be used

Throws:

java.lang.IllegalArgumentException - if there was an error with the SeedGenerator

getSeed

public abstract byte[] getSeed()

Get the generated random seed bits. Some seed generators may require some special procedure before getSeed may be called. If the seed is not yet available this method should return null, if it is called again after the seed has already been fetched it should return that same seed a second time.

getStatus

public abstract int[] getStatus()

Get the current status of seed generation. Returns an array of two integers, the first indicates how many random bits have already been generated and the second gives the total number of random bits to be generated. Per definition, if getStatus()[0] equals getStatus()[1], the seed is ready to be fetched via getSeed().

seedAvailable

public final boolean seedAvailable()

Check whether the seed is available to be fetched via getSeed(). This is implemented by calling getStatus().

callSeedGenListener

protected void callSeedGenListener()

If a SeedGenListener is set, call it with the parameters returned by getStatus. If no SeedGenListener is set, this method does nothing. For use by subclasses.

setSeedGenListener

public void setSeedGenListener(SeedGenListener seedGenListener)

Sets the SeedGenListener for this object. The SeedGenListener can keep track of the number of random bits generated to check when the SeedGenerator is finished or to inform the user e.g. how many more events he has to generate. If the SeedGenListener is not null, its bitsGenerated() method is called each time the SeedGenerator generates new random bits. Calling this method will also call the SeedGenListener immediately.

setDefaultSeedGenerator

public static void setDefaultSeedGenerator(SeedGenerator g)
                                    throws RandomException

Deprecated. use setDefault() instead.

This method is deprecated and supported for compatibility only. It will be removed in the next major release.

Throws:

RandomException

getDefaultSeedGenerator

public static SeedGenerator getDefaultSeedGenerator()

Deprecated. use getDefault() instead.

This method is deprecated and supported for compatibility only. It will be removed in the next major release.