[kaffe] SecureRandomTest failed
Ito Kazumitsu
kaz at maczuka.gcd.org
Fri Jul 22 15:13:07 PDT 2005
> I am afraid something has changed so that Security.getProviders() returns
>
> gnu.java.security.provider.Gnu: name=GNU version=1.0
>
> before
>
> kaffe.security.provider.Kaffe: name=KAFFE version=1.0
Yes, gnu.java.security.provider.Gnu comes first. But that depends
on the environment.
I have found two independent problems related to this issue.
(1) In some environment, e.g. my case with FreeBSD 5.4-RELEASE,
Security.getProviders() by default lists only
gnu.java.security.provider.Gnu. So if you add
kaffe.security.provider.Kaffe, it is listed after
gnu.java.security.provider.Gnu.
But in another environment, Security.getProviders() by default lists
gnu.crypto.jce.GnuCrypto
org.metastatic.jessie.provider.Jessie
kaffe.security.provider.Kaffe
gnu.java.security.provider.Gnu
in this order. So if you add kaffe.security.provider.Kaffe,
it is not added because it is already there.
Older Kaffe on FreeBSD 5.4-RELEASE also behaved this way.
(2) The SHA1PRNG algorithm provided by gnu.java.security.provider.Gnu
is not secure enough because differnt instances always produce the
same result. So in an environment where the problem (1) exists,
SecureRandomTest fails.
To study this problem, I patched SecureRandomTest.java for debuging.
--- SecureRandomTest.java.orig Thu Feb 24 23:42:08 2005
+++ SecureRandomTest.java Sat Jul 23 05:52:43 2005
@@ -64,6 +64,10 @@
byte data[];
Security.addProvider(new kaffe.security.provider.Kaffe());
+ Provider[] pp = Security.getProviders();
+ for (int i=0; i < pp.length; i++) {
+ System.err.println(pp[i]);
+ }
/*
* Make sure the SecureRandom's produce different sequences after
Then I tested this program on FreeBSD 5.4-RELEASE and Linux 2.6.7-co-0.6.2.
In both cases, I used kaffe whose ChangeLog head is:
2005-07-22 Guilhem Lavaux <guilhem at kaffe.org>
On FreeBSD 5.4-RELEASE:
kaz at ph$ kaffe SecureRandomTest
gnu.java.security.provider.Gnu: name=GNU version=1.0
kaffe.security.provider.Kaffe: name=KAFFE version=1.0
java.lang.Error: The "secure" random isn't! : lpc= 0 lpc2 = 20 data = 8bc7ec02ec7c04f87a13ec6120616ead831baeaf
at java.lang.VMThrowable.fillInStackTrace (VMThrowable.java:native)
at java.lang.VMThrowable.fillInStackTrace (VMThrowable.java:79)
at java.lang.Throwable.fillInStackTrace (Throwable.java:498)
at java.lang.Throwable.<init> (Throwable.java:159)
at java.lang.Error.<init> (Error.java:81)
at SecureRandomTest.checkHistory (SecureRandomTest.java:51)
at SecureRandomTest.main (SecureRandomTest.java:89)
On Linux 2.6.7-co-0.6.2:
kaz at mini3$ kaffe SecureRandomTest
gnu.crypto.jce.GnuCrypto: name=GNU-CRYPTO version=2.1
org.metastatic.jessie.provider.Jessie: name=Jessie version=1.0
kaffe.security.provider.Kaffe: name=KAFFE version=1.0
gnu.java.security.provider.Gnu: name=GNU version=1.0
Two SecureRandoms produce different output.
More information about the kaffe
mailing list