Re: SecureRandom

Marianne Mueller (mrm@Eng)
Thu, 15 May 1997 15:17:23 -0700

Date: Thu, 15 May 1997 15:17:23 -0700
Message-Id: <199705152217.PAA06400@puffin.eng.sun.com>
From: Marianne Mueller <mrm@Eng>
To: twolters@requisite.com
Subject: Re: SecureRandom

The source code for the JDK is available for evaluation or educational
or research purposes. You should read the source evaluation
license and decide if that works for you -

http://java.sun.com/products/jdk/1.1/source.html

We don't have an analysis of our PRNG at the level you are asking
about. I'm not aware of a hardware PRNG from Sun.

Marianne

> From: Tim Wolters <twolters@requisite.com>
> Date: Fri, 9 May 1997 14:28:58 -0600
>
> I was just at the Sun Software Developer Camp yesterday on Java
> Security. I'm currently using the default constructor of SecureRandom to
> seed the RNG. I've read the disclaimer in the Javadoc for the class.
> That aside, is the source code available for the seed generation, and is
> there ANY information presently that indicates a bias towards 0 or 1, or
> known platform/processor dependencies that weaken the algorithm? What
> other sources for good seeds are out there? Does Sun have a
> cryptographically secure hardware RNG?
>
> thanks in advance!
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Timothy Wolters + Requisite Technology Inc. +
> twolters@requisite.com
>
> "Sorry, you have the wrong number. This is 9-1-2. ", Chief Wiggums
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>