Fwd: Salt generation in Bouncycastle

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Fwd: Salt generation in Bouncycastle

Chamila Wijayarathna
Hi all,

I am trying to use Scrypt implementation of bouncy castle for securely store passwords. Does bouncycastle provide any functionality that I can use for salt generation in this process?

If so can someone provide me or point me to a sample code?

Thank You!

--
Chamila Dilshan Wijayarathna,
PhD Research Student
The University of New South Wales (UNSW Canberra)
Australian Centre for Cyber Security
Australian Defence Force Academy
PO Box 7916, Canberra BA ACT 2610
Australia
Mobile:(+61)416895795

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Fwd: Salt generation in Bouncycastle

Edward Ned Harvey (bouncycastle)
> From: Chamila Wijayarathna [mailto:[hidden email]]
>
> I am trying to use Scrypt implementation of bouncy castle for securely store
> passwords. Does bouncycastle provide any functionality that I can use for salt
> generation in this process?

The salt is just a random number. I could tell you how to generate it, and how large it should be, but, I hesitate to say this, but if you don't know how to generate a salt, you should not be touching any crypto code; you are guaranteed to mess it up, and you'll fool yourself (or worse - other people) into thinking you have something secure. As a *bare* minimum, please take a course on crypto (even the coursera online course, for free, is good) and read a book such as Cryptography Engineering. I recommend the book - it's a quick read - I read it in like a week.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fwd: Salt generation in Bouncycastle

Chamila Wijayarathna
Hi Edward,

I'm not going to develop any applications using this, this is just for learning. I'm currently working on my research project on Usability of security APIs such as bouncycastle.

I'm familiar with generating random numbers with java.security.SecureRandom. I wanted to know how bouncycastle support this. 

Thank You!

On Wed, Mar 1, 2017 at 10:45 PM, Edward Ned Harvey (bouncycastle) <[hidden email]> wrote:
> From: Chamila Wijayarathna [mailto:[hidden email]]
>
> I am trying to use Scrypt implementation of bouncy castle for securely store
> passwords. Does bouncycastle provide any functionality that I can use for salt
> generation in this process?

The salt is just a random number. I could tell you how to generate it, and how large it should be, but, I hesitate to say this, but if you don't know how to generate a salt, you should not be touching any crypto code; you are guaranteed to mess it up, and you'll fool yourself (or worse - other people) into thinking you have something secure. As a *bare* minimum, please take a course on crypto (even the coursera online course, for free, is good) and read a book such as Cryptography Engineering. I recommend the book - it's a quick read - I read it in like a week.



--
Chamila Dilshan Wijayarathna,
PhD Research Student
The University of New South Wales (UNSW Canberra)
Australian Centre for Cyber Security
Australian Defence Force Academy
PO Box 7916, Canberra BA ACT 2610
Australia
Mobile:(+61)416895795

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Fwd: Salt generation in Bouncycastle

Edward Ned Harvey (bouncycastle)
> From: Chamila Wijayarathna [mailto:[hidden email]]
>
> I'm not going to develop any applications using this, this is just for learning.
> I'm currently working on my research project on Usability of security APIs
> such as bouncycastle.
>
> I'm familiar with generating random numbers with
> java.security.SecureRandom. I wanted to know how bouncycastle support
> this.

Great - becoming familiar with crypto libraries including BC is a good reason to be playing with this even though it's new to you.

SecureRandom is the right thing to use. Depending on the platform, SecureRandom may or may not have sufficient seed material, so if you ever want to use it for a real purpose, you should make some effort to learn where the seed comes from, and if necessary, how to add seed material from a trusted source. Most likely, 16 bytes (128 bits) is a good salt size.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fwd: Salt generation in Bouncycastle

Chamila Wijayarathna
Hi Edward,

As per my understanding, java.security is something outside bouncycastle? I assume these are all the classes that are provided by bouncycastle API. Please correct me if I am wrong.

Does bouncycastle provide any way to create salt?

Thank You!

On Thu, Mar 2, 2017 at 12:15 PM, Edward Ned Harvey (bouncycastle) <[hidden email]> wrote:
> From: Chamila Wijayarathna [mailto:[hidden email]]
>
> I'm not going to develop any applications using this, this is just for learning.
> I'm currently working on my research project on Usability of security APIs
> such as bouncycastle.
>
> I'm familiar with generating random numbers with
> java.security.SecureRandom. I wanted to know how bouncycastle support
> this.

Great - becoming familiar with crypto libraries including BC is a good reason to be playing with this even though it's new to you.

SecureRandom is the right thing to use. Depending on the platform, SecureRandom may or may not have sufficient seed material, so if you ever want to use it for a real purpose, you should make some effort to learn where the seed comes from, and if necessary, how to add seed material from a trusted source. Most likely, 16 bytes (128 bits) is a good salt size.



--
Chamila Dilshan Wijayarathna,
PhD Research Student
The University of New South Wales (UNSW Canberra)
Australian Centre for Cyber Security
Australian Defence Force Academy
PO Box 7916, Canberra BA ACT 2610
Australia
Mobile:(+61)416895795

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Fwd: Salt generation in Bouncycastle

Edward Ned Harvey (bouncycastle)
> From: Chamila Wijayarathna [mailto:[hidden email]]
>
> As per my understanding, java.security is something outside bouncycastle? I
> assume http://www.bouncycastle.org/docs/docs1.5on/index.html are all the
> classes that are provided by bouncycastle API. Please correct me if I am
> wrong.
>
> Does bouncycastle provide any way to create salt?

Yup, the API docs you found are good. Java.security is built-in to java, while BC is a separate package.

Whenever available, you should use the java built-in java.security.SecureRandom to generate your salt. If it's unavailable, or you'd like to show some distrust for it, you could use one of BC's crypto.prng classes instead, or in addition to SecureRandom. For example, it would be perfectly reasonable to get 16 bytes from SecureRandom, and also 1KB from BC crypto.prng.ThreadedSeedGenerator, and use both of those to seed BC crypto.prng.DigestRandomGenerator, from which you extract 16 bytes to use as your salt.

If for any reason, SecureRandom is unavailable or untrusted, and ThreadedSeedGenerator is untrusted (which it usually should be, to some extent) you need a source of entropy from somewhere - you could use an internet service - and you could feed that entropy into one of BC's crypto.prng classes. But if you have a source of entropy from somewhere, you might be able to use it directly, rather than using crypto.prng.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fwd: Salt generation in Bouncycastle

Chamila Wijayarathna
Hi Edward,

Thanks for the information,

Is there any code examples for creating salt using bouncycasthe crypto.prng casses such as SP800SecureRandom?

Thank You!

On Thu, Mar 2, 2017 at 11:07 PM, Edward Ned Harvey (bouncycastle) <[hidden email]> wrote:
> From: Chamila Wijayarathna [mailto:[hidden email]]
>
> As per my understanding, java.security is something outside bouncycastle? I
> assume http://www.bouncycastle.org/docs/docs1.5on/index.html are all the
> classes that are provided by bouncycastle API. Please correct me if I am
> wrong.
>
> Does bouncycastle provide any way to create salt?

Yup, the API docs you found are good. Java.security is built-in to java, while BC is a separate package.

Whenever available, you should use the java built-in java.security.SecureRandom to generate your salt. If it's unavailable, or you'd like to show some distrust for it, you could use one of BC's crypto.prng classes instead, or in addition to SecureRandom. For example, it would be perfectly reasonable to get 16 bytes from SecureRandom, and also 1KB from BC crypto.prng.ThreadedSeedGenerator, and use both of those to seed BC crypto.prng.DigestRandomGenerator, from which you extract 16 bytes to use as your salt.

If for any reason, SecureRandom is unavailable or untrusted, and ThreadedSeedGenerator is untrusted (which it usually should be, to some extent) you need a source of entropy from somewhere - you could use an internet service - and you could feed that entropy into one of BC's crypto.prng classes. But if you have a source of entropy from somewhere, you might be able to use it directly, rather than using crypto.prng.



--
Chamila Dilshan Wijayarathna,
PhD Research Student
The University of New South Wales (UNSW Canberra)
Australian Centre for Cyber Security
Australian Defence Force Academy
PO Box 7916, Canberra BA ACT 2610
Australia
Mobile:(+61)416895795

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Fwd: Salt generation in Bouncycastle

Edward Ned Harvey (bouncycastle)
> From: Chamila Wijayarathna [mailto:[hidden email]]
>
> Is there any code examples for creating salt using bouncycasthe crypto.prng
> casses such as SP800SecureRandom?

It's probably better to ask what each of the prng classes is designed for. If I'm not mistaken, SP800SecureRandom is meant to be used around a DRBG.

You're not going to get very far depending on people to answer questions like this ... You need to read and understand the java, read and understand the crypto, use all the parts together correctly, and ask for help here when something's unclear...
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fwd: Salt generation in Bouncycastle

David Hook-3
In reply to this post by Chamila Wijayarathna

There's some examples of construction of different SP800SecureRandom classes in
org.bouncycastle.crypto.prng.test.SP800RandomTest.

Regards,

David

On 02/03/17 23:13, Chamila Wijayarathna wrote:
Hi Edward,

Thanks for the information,

Is there any code examples for creating salt using bouncycasthe crypto.prng casses such as SP800SecureRandom?

Thank You!

On Thu, Mar 2, 2017 at 11:07 PM, Edward Ned Harvey (bouncycastle) <[hidden email]> wrote:
> From: Chamila Wijayarathna [mailto:[hidden email]]
>
> As per my understanding, java.security is something outside bouncycastle? I
> assume http://www.bouncycastle.org/docs/docs1.5on/index.html are all the
> classes that are provided by bouncycastle API. Please correct me if I am
> wrong.
>
> Does bouncycastle provide any way to create salt?

Yup, the API docs you found are good. Java.security is built-in to java, while BC is a separate package.

Whenever available, you should use the java built-in java.security.SecureRandom to generate your salt. If it's unavailable, or you'd like to show some distrust for it, you could use one of BC's crypto.prng classes instead, or in addition to SecureRandom. For example, it would be perfectly reasonable to get 16 bytes from SecureRandom, and also 1KB from BC crypto.prng.ThreadedSeedGenerator, and use both of those to seed BC crypto.prng.DigestRandomGenerator, from which you extract 16 bytes to use as your salt.

If for any reason, SecureRandom is unavailable or untrusted, and ThreadedSeedGenerator is untrusted (which it usually should be, to some extent) you need a source of entropy from somewhere - you could use an internet service - and you could feed that entropy into one of BC's crypto.prng classes. But if you have a source of entropy from somewhere, you might be able to use it directly, rather than using crypto.prng.



--
Chamila Dilshan Wijayarathna,
PhD Research Student
The University of New South Wales (UNSW Canberra)
Australian Centre for Cyber Security
Australian Defence Force Academy
PO Box 7916, Canberra BA ACT 2610
Australia
Mobile:(+61)416895795


Loading...