I am trying to securely generate random numbers. It must support NIST standards, that is NIST SP 800-90A, SP 800-90B, SP 800-90C. I’ve read that Java 9 has an implementation of SecureRandom
supporting such standards.
My question is: is there an implementation supporting these standards in Java 8 (I am using Android)? Ideally I would like it to be built-in but otherwise what would you advise?
Advertisement
Answer
If I am reading “The Bouncy Castle FIPS Java API in 100 Examples” by David Hook (page 12) correctly, the FIPS release of Bouncy Castle provides implementations of the 3 DRBGs described in NIST SP 800-90A.
You can find more information about the Bouncy Castle Java FIPs project here.
Other FIPS certified JCSE provider implementations may also support this. (I have not investigated …)