Generated Diffie-Hellman keys lack of randomness

contactlaveena / dyuproject

Automatically exported from code.google.com/p/dyuproject

0 stars 0 forks source link

Generated Diffie-Hellman keys lack of randomness #21

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago

Consider the following issues in generateRandomKeys [1]:
- Using the system clock as source of randomness is quite weak
- Keys built out of this algorithm are too short (8-bytes)

[1] 
http://code.google.com/p/dyuproject/source/browse/trunk/modules/util/src/main/ja
va/com/dyuproject/util/DiffieHellman.java#51

Original issue reported on code.google.com by sebastien.martini on 19 Jul 2010 at 2:43

GoogleCodeExporter commented 9 years ago

Its a combination of current clock and the startup clock.

To add more randomness, a random int could be generated and its value could be 
multiplied to the current time (before adding to the startup time).

Patches are welcome!

Original comment by david.yu...@gmail.com on 20 Jul 2010 at 5:00

GoogleCodeExporter commented 9 years ago

Consider using this class 
http://download.oracle.com/docs/cd/E17409_01/javase/6/docs/api/java/security/Sec
ureRandom.html instead, it is more appropriate for crypto keys.

Original comment by sebastien.martini on 20 Jul 2010 at 5:40