Join Log in
Score:0
Cryptomathician avatar Crypto

Where is the specification for SHA1PRNG?

in flag
Cryptomathician

I searched for the algorithm of the SHA1PRNG, which is implemented in Java's SecureRandom Class. Does anyone know how this algorithm works exactly? I have not found a source where the algorithm is described in detail.

My goal is to use it in JavaScript, but I didn't found any implementation, such that I has to do it on my own (educational purpose only and no production use). If someone implemented it already it would be nice to get it as a reference implementation.

208
0 + 0
us flag
gusto2
This is a question better suited to the default SO forum. When it comes to that - why to you want to use exactly that one? You can find the [source code](https://github.com/frohoff/jdk8u-jdk/blob/master/src/share/classes/sun/security/provider/SecureRandom.java), but different JVM/JCE vendors may have different implementation. JS has already a few libraries providing a secure random number using the underlying system.
1
Reply
Cryptomathician avatar
in flag
Cryptomathician
@gusto2 thank you for providing this source code. I am working on a project for the university, where the server uses this class with the SHA1PRNG with a specific seed to generate a specific key pair (ECC, secp256r1 curve). To work with that server I need the corresponding implementation for JavaScript.
0
Reply
Cryptomathician avatar
in flag
Cryptomathician
@gusto2 Additionally, to my problem I want to know how this PRNG works exactly, but I didn't found any good resource for this algorithm.
0
Reply
Cryptomathician avatar
in flag
Cryptomathician
@gusto2 Do you know where I can find these specific vendor implementations of the JVM/JCE? I am working in this moment on Linux and with the Oracle JDK 1.8.0 update 241.
0
Reply
st flag
rmalayter
In JavaScript, you should be using `Crypto.getRandomValues()` https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues] instead of trying to roll your own CSRNG
0
Reply
Cryptomathician avatar
in flag
Cryptomathician
@rmalayter it is for educational purpose only. How are you able to learn about such stuff if you are not allowed to try it on your own in a lab environment? If everyone will not take a look into it, nobody will learn something about it. Yes, never build your own cryptosystem, but also cryptographers has to start somewhere and learn about stuff like that.
0
Reply
st flag
rmalayter
@Cryptomathician my apologies, your question didn't include any indication "this was for learning purposes". There are lots of challenges with writing a CSRNG in a JavaScript (browser) environment. First securely obtaining random entropy for seeding, and then also preventing third party script or the end user from "seeing" your seed material it or the actual random numbers you generate. The browser's built-in `Crypto.getRandomValues()` solves these issues by using the operating system's CSRNG directly via a syscall.
1
Reply
Cryptomathician avatar
in flag
Cryptomathician
@rmalayter thank you for the explanation. Maybe a more general question. Is it even possible to write an CSPRNG in JavaScript (browser), such that it is possible to overcome these challenges that you mentioned, without using a CSPRNG outside of the browser?
0
Reply
st flag
rmalayter
@Cryptomathician it depends on the security needs of the app; if you don’t care about the end user seeing the state or being able to tamper with outputs you could in theory collect entropy from user mouse movements and keyboard any use a cryptographic hash function to hash those into a seed. This can all be done in a browser, but the end user can easily see or modify any of that by pressing F12 and opening developer tools. Even if you used `window.crypto.getRandomValues` instead, the end user could simply choose to not use those values and substitute their own when making POSTs or API calls.
0
Reply
Score:2
avatar Crypto
us flag
gusto2

My goal is to use it in JavaScript, but I didn't found any implementation

You can find the source code, but different JVM/JCE vendors may have different implementation.

see: https://github.com/frohoff/jdk8u-jdk/blob/master/src/share/classes/sun/security/provider/SecureRandom.java

Additionally, to my problem I want to know how this PRNG works exactly

On the Oracle doc site the SHA1PRNG is described as:

The name of the pseudo-random number generation (PRNG) algorithm supplied by the SUN provider. This algorithm uses SHA-1 as the foundation of the PRNG. It computes the SHA-1 hash over a true-random seed value concatenated with a 64-bit counter which is incremented by 1 for each operation. From the 160-bit SHA-1 output, only 64 bits are used.

Do you know where I can find these specific vendor implementations of the JVM/JCE?

The SHA1PRNG seems to be inherited for the very earlier versions of Java, so it should be the most compatible you can get.

0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.