5 Replies Latest reply: Apr 1, 2011 5:04 AM by jduprez RSS

    String.random() unsufficiently random

    jduprez
      Hello,

      one article was brought to my attention this morning (see link below): it states that method java.lang.String.random() generates semi-predictable character sequences.
      Every Java and non-Java programmer knows that usual numeric random APIs are only approximately random, based on arithmetic formulaes involving a big number of bits, but once seeded with a reasonably unpredictable value, such as a timestamp or user gesture, these semi-randoms give reasonably trustable randomness.

      But it seems that the java.lang.String developer(s) unwisely chose to not reuse [url http://download.oracle.com/javase/6/docs/api/java/lang/Math.html#random%28%29]java.lang.Math.random() or its underlying primitive [url http://download.oracle.com/javase/6/docs/api/java/util/Random.html]java.util.Random, and instead promoted his own scheme, based on Poisson's formula. Unfortunately that latter doesn't work with integral types such as char, the rounding approximations chopping too many random bits apart.

      The net result is that application that rely on [url http://download.oracle.com/javase/6/docs/api/java/lang/String.html]String.random() for security purposes (such as, generating a random challenge to test password hashes,etc..) may be attacked easily. The [url http://en.wikipedia.org/wiki/April_Fools_Day]CNET article states that it hasn't be verified, as of now, whether Java's JSSE (SSL supporting library bundled in the JDK) is impacted.

      Best regards,

      J.

      Edited by: jduprez on Apr 1, 2011 11:57 AM
      Link to article added - Esmond, what a killjoy you are! ;)