Using SecureRandom with SHA-256

Question

Using SecureRandom with SHA-256

I used SecureRandom with the seeded SHA1PRNG algorithm to create a common randomness between the two processes. I recently learned that SHA1 is deprecated in accordance with NIST standards, so we are making efforts to switch to SHA256. The problem I discovered is that SecureRandom ONLY supports SHA1PRNG, at least according to the Oracle documentation . I was wondering if there is a way to use SecureRandom with SHA256 or is it probably better, which is a suitable alternative to using SecureRandom?

+8

java cryptography sha prng

David K Oct 4 '12 at 16:04

source share

2 answers

I agree with the expression of Victor as a whole. But as an additional clarification, in section 4 of NIST SP800-131a there is a table that separates RNGs not using RBG, as indicated in NIST SP800-90, or ANSI X9.62-2005 will not be available in 2015.

+3

garthoid Feb 07 '13 at 21:15

source share

Victor ronin · Accepted Answer · 2012-10-05T18:55:31+0000

David, as I understand it, you mean this document: http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf

Maybe I'm missing something. However, what he says:

From January 1, 2011 through December 31, 2013, the use of SHA-1 is deprecated for digital signature generation. The user must accept risk when SHA-1 is used, particularly when approaching the December 31, 2013 upper limit.

However, he says below

 For all other hash function applications, the use of SHA-1 is acceptable. The other applications include HMAC, Key Derivation Functions (KDFs), Random Number Generation (RNGs and RBGs), and hash-only applications (eg, hashing passwords and using SHA-1 to compute a checksum, such as the approved integrity technique specified in Section 4.6.1 of [FIPS 140-2]).

So, since I understand that SHA1 is suitable for generating random numbers.

Using SecureRandom with SHA-256

More articles: