Java: SecureRandom.getInstanceStrong() vs new SecureRandom()

Question

Given SecureRandom class is considered suitable for use in cryptography, I consider new SecureRandom() to be secure (funny term, isn't it?).

If new SecureRandom() already is secure, what would be the benefit of using SecureRandom.getInstanceStrong() instead?

Is this same kind of difference as between /dev/urandom and /dev/random?

I'm debating this in the following scenario, where I'm mostly concerned about making IV random (for use with AES-GCM):

private final SecureRandom secureRandom = new SecureRandom();
[...]
private byte[] getIv() {
    int ivLength = 12;
    byte[] iv = new byte[ivLength];
    secureRandom.nextBytes(iv);
    return iv;
}

This is library call to get instance... SecureRandom.getInstanceStrong() See Maarten answer on so — kelalaka, Dec 24 '21 at 20:24
Re. random: No (for the old ex.NSA kernel versions.) \dev\random was a TRNG whilst dev\urandom was a PRNG. — Paul Uszak, Dec 24 '21 at 22:03
A GCM IV doesn't need to be random. It only needs to be unique. So for this specific case, it doesn't matter. The only reason to use a random IV for GCM is if you can't remember all the IVs that have been previously used, so you instead rely on statistical uniqueness. For that, it's enough to have a statistically random value, it doesn't even need to be cryptographically random (which is a stronger property, including impredictability and independence from all other random values). — Gilles 'SO- stop being evil', Dec 24 '21 at 23:22
@kelalaka This is a bit of a Java mess actually. securerandom.source=file:/dev/random which block(ed) of course. So if you spun up an app server, it took like five minutes to return a http request. Even a non https daft one like my site which is pretty surprising (probably cookie generation). — Paul Uszak, Dec 25 '21 at 03:30
What @Gilles said is true, If possible use AES-GCM-SIV to mitigate this issue... — kelalaka, Dec 25 '21 at 22:38

score 2 · Answer 1 · edited Dec 28 '21 at 06:33

2

SecureRandom.getInstanceStrong() will ensure that a strong algorithm (securerandom.strongAlgorithms) will is used.

It is available since Java version 8. Check your version before starting to use.
If no such algorithm is available in running VM, it will throw NoSuchAlgorithmException.
This failure is a better practice instead of defaulting into weak security.

edited Dec 28 '21 at 06:33

kelalaka

48,443
11
116
196

answered Dec 27 '21 at 19:10

cactusresistance

21
5

1

Welcome to Cryptography. A link to this claim or code line from the source will make this answer much better. Otherwise, this is a self claim. For example one could also say, it there is no strong ( what is the meaning of strong) algorithm then it will use the default one; java.util.Random. There is need for reference and in Java case, even versions.. – kelalaka Dec 27 '21 at 21:51
Thank your for your feedback kelalaka, I've added a bit more clarifications, as you suggested. – cactusresistance Dec 27 '21 at 23:56
Is there a list of strongAlgorithms? – kelalaka Dec 28 '21 at 06:33
@kelalaka 'Strong' is a common term used by cryptographers, agencies and totalitarian governments to label an encryption can can't be defeated in real time. There's a list here. I don't know if AES should be added as there is no mathematical evidence that it's still secure. – Paul Uszak Dec 28 '21 at 16:48
@PaulUszak I'm talking about in the context of the Java Security and specially on the random number generatos. – kelalaka Dec 28 '21 at 16:58

Java: SecureRandom.getInstanceStrong() vs new SecureRandom()

1 Answers1