Score:0

Where is the specification for SHA1PRNG?


I searched for the algorithm of the SHA1PRNG, which is implemented in Java's SecureRandom Class. Does anyone know how this algorithm works exactly? I have not found a source where the algorithm is described in detail.

My goal is to use it in JavaScript, but I didn't find any implementation, so I have to do it on my own (educational purpose only and no production use). If someone has implemented it already it would be nice to get it as a reference implementation.

This is a question better suited to the default SO forum. When it comes to that - why do you want to use exactly that one? You can find the [source code](https://github.com/frohoff/jdk8u-jdk/blob/master/src/share/classes/sun/security/provider/SecureRandom.java), but different JVM/JCE vendors may have different implementations. JS already has a few libraries providing secure random numbers using the underlying system.
@gusto2 thank you for providing this source code. I am working on a project for the university, where the server uses this class with the SHA1PRNG with a specific seed to generate a specific key pair (ECC, secp256r1 curve). To work with that server I need the corresponding implementation for JavaScript.
@gusto2 Additionally to my problem, I want to know how this PRNG works exactly, but I didn't find any good resource for this algorithm.
@gusto2 Do you know where I can find these specific vendor implementations of the JVM/JCE? I am working in this moment on Linux and with the Oracle JDK 1.8.0 update 241.
In JavaScript, you should be using [`Crypto.getRandomValues()`](https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues) instead of trying to roll your own CSRNG
@rmalayter it is for educational purpose only. How are you able to learn about such stuff if you are not allowed to try it on your own in a lab environment? If nobody takes a look into it, nobody will learn anything about it. Yes, never build your own cryptosystem, but cryptographers also have to start somewhere and learn about stuff like that.
@Cryptomathician my apologies, your question didn't include any indication "this was for learning purposes". There are lots of challenges with writing a CSRNG in a JavaScript (browser) environment. First securely obtaining random entropy for seeding, and then also preventing third party script or the end user from "seeing" your seed material or the actual random numbers you generate. The browser's built-in `Crypto.getRandomValues()` solves these issues by using the operating system's CSRNG directly via a syscall.
@rmalayter thank you for the explanation. Maybe a more general question. Is it even possible to write a CSPRNG in JavaScript (browser) such that it is possible to overcome these challenges that you mentioned, without using a CSPRNG outside of the browser?
@Cryptomathician it depends on the security needs of the app; if you don't care about the end user seeing the state or being able to tamper with outputs you could in theory collect entropy from user mouse movements and keyboard and use a cryptographic hash function to hash those into a seed. This can all be done in a browser, but the end user can easily see or modify any of that by pressing F12 and opening developer tools. Even if you used `window.crypto.getRandomValues` instead, the end user could simply choose to not use those values and substitute their own when making POSTs or API calls.
Score:2

> My goal is to use it in JavaScript, but I didn't find any implementation

You can find the source code, but different JVM/JCE vendors may have different implementations.

see: https://github.com/frohoff/jdk8u-jdk/blob/master/src/share/classes/sun/security/provider/SecureRandom.java

> Additionally to my problem, I want to know how this PRNG works exactly

On the Oracle doc site the SHA1PRNG is described as:

> The name of the pseudo-random number generation (PRNG) algorithm supplied by the SUN provider. This algorithm uses SHA-1 as the foundation of the PRNG. It computes the SHA-1 hash over a true-random seed value concatenated with a 64-bit counter which is incremented by 1 for each operation. From the 160-bit SHA-1 output, only 64 bits are used.

> Do you know where I can find these specific vendor implementations of the JVM/JCE?

The SHA1PRNG seems to be inherited from the very early versions of Java, so it should be the most compatible you can get.
