SecureRandom简介

home

SecureRandom简介

栏目:Java8基础作者:admin 日期:2015-07-28 评论:1 点击: 6,698 次

SecureRandom是强随机数生成器，主要应用的场景为：用于安全目的的数据数，例如生成秘钥或者会话标示（session ID），在上文《伪随机数安全性》中，已经给大家揭露了弱随机数生成器的安全问题，而使用SecureRandom这样的强随机数生成器将会极大的降低出问题的风险。本文给大家简单介绍一下SecureRandom的相关知识，首先看一下SecureRandom与Random的关系。
SecureRandom继承于Random，看一下它的两个构造函数构造函数：

public SecureRandom()

{

super(0);//调用Random的构造函数

getDefaultPRNG(false, null);

}

public SecureRandom(byte seed[])

{

super(0);//调用Random的构造函数

getDefaultPRNG(true, seed);

}

SecureRandom与Random的常见的两个方法如下所示：
获得一个随机的int数：

final protected int next(int numBits)

{

int numBytes = (numBits + 7) / 8;

byte b[] = new byte[numBytes];

int next = 0;

nextBytes(b);

for (int i = 0; i < numBytes; i++)

{

next = (next << 8) + (b[i] & 0xFF);

}

return next >>> (numBytes * 8 - numBits);

}

获得随机的字节数组：

synchronized public void nextBytes(byte[] bytes)

{

secureRandomSpi.engineNextBytes(bytes);

}

SecureRandom与Random安全性对比：

For example, let's say that we want to pick a 128-bit AES encryption key. The idea of a strong encryption algorithm such as AES is that in order for an adversary to guess the key by "brute force" (which we assume is the only possible means), they would have to try every single possible key in turn until they hit on the right one. By law of averages, we would expect them to find it after half as many guesses as there are possible keys. A 128-bit key has 2¹²⁸possible values, so on average, they would have to try 2¹²⁷ keys. In decimal 2¹²⁷ is a 39-digit number. Or put another way, trying a million million keys per second, it would take 5x10¹⁵ millennia to try 2¹²⁷ keys. Not even the British government wants to decrypt your party invitations that badly. So with current mainstream technology1, a 128-bit key is in principle sufficient for most applications.

But these metrics hold true only if our key selection algorithm— i.e. our random number generator— genuinely can pick any of the possible keys. For example, we certainly should not choose the key as follows:

// This is WRONG!! Do not do this!

Random ranGen = new Random();

byte[] aesKey = new byte[16]; // 16 bytes = 128 bits

ranGen.nextBytes(aesKey);

The problem here is that the period of java.util.Random is only 2⁴⁸. Even though we're generating a 128-bit key, we will only ever pick from a subset of 2⁴⁸ of the possible keys. Or put another way: an attacker need only try on average 2⁴⁷ keys, and will find our key by trial and error in a couple of days if they try just a thousand million keys per second. And as if that wasn't bad enough, they probably don't even need to try anywhere near 2⁴⁷: for reasons discussed earlier, there's a good chance that an instance of java.util.Random created within a couple of minutes of bootup will actually be seeded from a about one thousandth of the 2⁴⁸possible values. This time, HM Sniffing Service doesn't even need expensive hardware to find the secret location of your housewarming party: a trip to Staples will give them all the computing power they need.

So as you've probably guessed, our solution to the problem is to use SecureRandom instead: