Could a seed from java.util.Random for java.security.SecureRandom weaken the cryptographically strong random number generator?
I saw this code and wonder why this is done in that specific way.
randomGenerator = new SecureRandom(); final Random rnd = new Random(); randomGenerator.setSeed(rnd.nextLong());
From the documentation, the call of setSeed will never reduce randomness. So why is setSeed called anyway?
public void setSeed(long seed)
Reseeds this random object, using the eight bytes contained in the given long seed. The given seed supplements, rather than replaces, the existing seed. Thus, repeated calls are guaranteed never to reduce randomness.
docs.oracle.com
Advertisement
Answer
When using a CSPRNG, the cryptographic strength is the same as the bit-strength of the entropy used to seed it.
A CSPRNG will churn out a practically infinite amount of pseudorandom entropy, though in reality the actual strength of that pseudorandom entropy is only as strong as the entropy of the underlying seed state of the the CSPRNG.
Thus, if you were to use ONLY a seed from java.util.Random you’d be in trouble.
Thankfully, the kernel and other sources are used to seed the system CSPRNG that java.security.SecureRandom uses, and thus “adding”/mixing into this as shown in your example code above, can’t make it “less” random or decrease entropy.
So:
- Yes,
java.util.Randomseeds are worthless. - This is OK though because the system has already seeded the CSPRNG from hardware interrupts, boot jitter and other noise.
- Whoever wrote this:
randomGenerator.setSeed(rnd.nextLong());shouldn’t be involved with cryptographic engineering.