Quantcast

Use of non secure random in some BouncyCastle Class

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Use of non secure random in some BouncyCastle Class

Guyomarch, Francois-Eric

Hi,

 

We have noticed that some of the bouncycastle code we use is not using SecureRandom but Random instead.

 

Version of package is: bcprov-jdk15on-154

 

Occurrence 1:

pqc/math/linearalgebra /GF2Polynomial.java , line 518:

        randomize() function uses a non SecureRandom.
 

 

Occurrence 2:

math/ raw/ Mod.java, Line 106.
         Random function uses a non SecureRandom.
 

We are wondering if this could cause issue. Should these use SecureRandom instead ?

 

Thanks

 

 

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Use of non secure random in some BouncyCastle Class

Edward Ned Harvey (bouncycastle)
> From: Guyomarch, Francois-Eric [mailto:[hidden email]]
> Sent: Thursday, August 4, 2016 5:24 AM
> To: [hidden email]
>
> We have noticed that some of the bouncycastle code we use is not using
> SecureRandom but Random instead.
>
> Version of package is: bcprov-jdk15on-154
>
> Occurrence 1:
> pqc/math/linearalgebra /GF2Polynomial.java , line 518:
>         randomize() function uses a non SecureRandom.

For convenience:
https://github.com/bcgit/bc-java/blob/adecd89d33edf278a5c601af2de696f0a6f65251/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2Polynomial.java#L518


> Occurrence 2:
> math/ raw/ Mod.java, Line 106.
>          Random function uses a non SecureRandom.

For convenience:
https://github.com/bcgit/bc-java/blob/adecd89d33edf278a5c601af2de696f0a6f65251/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2Polynomial.java#L518


> We are wondering if this could cause issue. Should these use SecureRandom
> instead ?
>
> Thanks
>


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Use of non secure random in some BouncyCastle Class

David Hook
In reply to this post by Guyomarch, Francois-Eric

At the moment we don't believe these ones are an issue other than the fact that code analysers complain about them - they relate more to the need to be using random numbers than secret random numbers.

We'd certainly welcome more discussion on this though - always using SecureRandom sounds fine in a case like this till you consider possible performance issues, and the fact if you're going to make that commitment you have to make sure the SecureRandom is sourced appropriately (we had a lot of fun with the FIPS API over this, and there's still some places in the regular API where this needs to be improved). You want to make sure you're getting the benefit you're paying for.

Regards,

David

On 04/08/16 19:23, Guyomarch, Francois-Eric wrote:

Hi,

 

We have noticed that some of the bouncycastle code we use is not using SecureRandom but Random instead.

 

Version of package is: bcprov-jdk15on-154

 

Occurrence 1:

pqc/math/linearalgebra /GF2Polynomial.java , line 518:

        randomize() function uses a non SecureRandom.
 

 

Occurrence 2:

math/ raw/ Mod.java, Line 106.
         Random function uses a non SecureRandom.
 

We are wondering if this could cause issue. Should these use SecureRandom instead ?

 

Thanks

 

 


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Use of non secure random in some BouncyCastle Class

Guyomarch, Francois-Eric

Thanks for the quick reply. Indeed these are reported by code analysers. What do you mean by ‘secret’ random numbers ? Do you mean that for these specific use the quality of the standard random generator is sufficient ?

Thanks again

 

 

From: David Hook [mailto:[hidden email]]
Sent: vendredi 5 août 2016 01:49
To: [hidden email]
Subject: Re: [dev-crypto] Use of non secure random in some BouncyCastle Class

 


At the moment we don't believe these ones are an issue other than the fact that code analysers complain about them - they relate more to the need to be using random numbers than secret random numbers.

We'd certainly welcome more discussion on this though - always using SecureRandom sounds fine in a case like this till you consider possible performance issues, and the fact if you're going to make that commitment you have to make sure the SecureRandom is sourced appropriately (we had a lot of fun with the FIPS API over this, and there's still some places in the regular API where this needs to be improved). You want to make sure you're getting the benefit you're paying for.

Regards,

David

On 04/08/16 19:23, Guyomarch, Francois-Eric wrote:

Hi,

 

We have noticed that some of the bouncycastle code we use is not using SecureRandom but Random instead.

 

Version of package is: bcprov-jdk15on-154

 

Occurrence 1:

pqc/math/linearalgebra /GF2Polynomial.java , line 518:

        randomize() function uses a non SecureRandom.
 

 

Occurrence 2:

math/ raw/ Mod.java, Line 106.
         Random function uses a non SecureRandom.
 

We are wondering if this could cause issue. Should these use SecureRandom instead ?

 

Thanks

 

 

 

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Use of non secure random in some BouncyCastle Class

David Hook

Yes, that's correct.

Regards,

David

On 05/08/16 19:03, Guyomarch, Francois-Eric wrote:

Thanks for the quick reply. Indeed these are reported by code analysers. What do you mean by ‘secret’ random numbers ? Do you mean that for these specific use the quality of the standard random generator is sufficient ?

Thanks again

 

 

From: David Hook [[hidden email]]
Sent: vendredi 5 août 2016 01:49
To: [hidden email]
Subject: Re: [dev-crypto] Use of non secure random in some BouncyCastle Class

 


At the moment we don't believe these ones are an issue other than the fact that code analysers complain about them - they relate more to the need to be using random numbers than secret random numbers.

We'd certainly welcome more discussion on this though - always using SecureRandom sounds fine in a case like this till you consider possible performance issues, and the fact if you're going to make that commitment you have to make sure the SecureRandom is sourced appropriately (we had a lot of fun with the FIPS API over this, and there's still some places in the regular API where this needs to be improved). You want to make sure you're getting the benefit you're paying for.

Regards,

David

On 04/08/16 19:23, Guyomarch, Francois-Eric wrote:

Hi,

 

We have noticed that some of the bouncycastle code we use is not using SecureRandom but Random instead.

 

Version of package is: bcprov-jdk15on-154

 

Occurrence 1:

pqc/math/linearalgebra /GF2Polynomial.java , line 518:

        randomize() function uses a non SecureRandom.
 

 

Occurrence 2:

math/ raw/ Mod.java, Line 106.
         Random function uses a non SecureRandom.
 

We are wondering if this could cause issue. Should these use SecureRandom instead ?

 

Thanks

 

 

 


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Use of non secure random in some BouncyCastle Class

Guyomarch, Francois-Eric

Thanks !

 

From: David Hook [mailto:[hidden email]]
Sent: mardi 9 août 2016 08:46
To: [hidden email]
Subject: Re: [dev-crypto] Use of non secure random in some BouncyCastle Class

 


Yes, that's correct.

Regards,

David

On 05/08/16 19:03, Guyomarch, Francois-Eric wrote:

Thanks for the quick reply. Indeed these are reported by code analysers. What do you mean by ‘secret’ random numbers ? Do you mean that for these specific use the quality of the standard random generator is sufficient ?

Thanks again

 

 

From: David Hook [[hidden email]]
Sent: vendredi 5 août 2016 01:49
To: [hidden email]
Subject: Re: [dev-crypto] Use of non secure random in some BouncyCastle Class

 


At the moment we don't believe these ones are an issue other than the fact that code analysers complain about them - they relate more to the need to be using random numbers than secret random numbers.

We'd certainly welcome more discussion on this though - always using SecureRandom sounds fine in a case like this till you consider possible performance issues, and the fact if you're going to make that commitment you have to make sure the SecureRandom is sourced appropriately (we had a lot of fun with the FIPS API over this, and there's still some places in the regular API where this needs to be improved). You want to make sure you're getting the benefit you're paying for.

Regards,

David

On 04/08/16 19:23, Guyomarch, Francois-Eric wrote:

Hi,

 

We have noticed that some of the bouncycastle code we use is not using SecureRandom but Random instead.

 

Version of package is: bcprov-jdk15on-154

 

Occurrence 1:

pqc/math/linearalgebra /GF2Polynomial.java , line 518:

        randomize() function uses a non SecureRandom.
 

 

Occurrence 2:

math/ raw/ Mod.java, Line 106.
         Random function uses a non SecureRandom.
 

We are wondering if this could cause issue. Should these use SecureRandom instead ?

 

Thanks

 

 

 

 

Loading...