javarandomcryptographysecure-random

What actual algorithm is used by SecureRandom.getInstance("DRBG")?


Java 9 (JSR 379) introduces the NIST DRBG's as specified in JEP 273: DRBG-Based SecureRandom Implementations.

However, the NIST document SP 800-90Ar1 (NIST Special Publication 800-90A Revision 1: Recommendation for Random Number Generation Using Deterministic Random Bit Generators) specifies a total of three mechanisms:

Implement the three DRBG mechanisms (Hash_DRBG, HMAC_DRBG, CTR_DRBG) in 800-90Ar1 (on all platforms).

However, although you might expect that we would now have three methods to create such secure random algorithms:

  1. SecureRandom.getInstance("Hash_DRBG")
  2. SecureRandom.getInstance("HMAC_DRBG")
  3. SecureRandom.getInstance("CTR_DRBG")

… possibly with various configuration parameters, we seem to have only one:

  1. SecureRandom.getInstance("DRBG")

So how can the developer configure and detect which one of the algorithms is used?


Solution

  • From the JEP

    A new SecureRandomParameters interface so that additional input can be provided to the new SecureRandom methods.

    From there we get to DrbgParameters which says

    Implementation Note:

    The following notes apply to the "DRBG" implementation in the SUN provider of the JDK reference implementation. This implementation supports the Hash_DRBG and HMAC_DRBG mechanisms with DRBG algorithm SHA-224, SHA-512/224, SHA-256, SHA-512/256, SHA-384 and SHA-512, and CTR_DRBG (both using derivation function and not using derivation function) with DRBG algorithm AES-128, AES-192 and AES-256.

    The mechanism name and DRBG algorithm name are determined by the security property securerandom.drbg.config. The default choice is Hash_DRBG with SHA-256.

    So, implementation dependent and with default impl, switchable only with a property.