From 38c87148d70feee079830ade53cd8a78d2eecf30 Mon Sep 17 00:00:00 2001
From: Aaron Zauner <azet@azet.org>
Date: Sun, 4 Nov 2018 00:27:18 +0100
Subject: [PATCH] replace SecureRandom impl. with best available

Currently `Util.java` uses the SHA1PRNG algorithm by Sun/Oracle
to get randomness for `nextBytes` etc. - from the documentation"

```
** On Solaris, Linux, and OS X, if the entropy gathering device in
java.security is set to file:/dev/urandom or file:/dev/random, then
NativePRNG is preferred to SHA1PRNG. Otherwise, SHA1PRNG is preferred.
```

and:

```
The following algorithms are available in the SUN provider:

[...]

SecureRandom
{
SHA1PRNG (Initial seeding is currently done via a combination of system attributes and the java.security entropy gathering device)
NativePRNG (nextBytes() uses /dev/urandom, generateSeed() uses /dev/random)
NativePRNGBlocking (nextBytes() and generateSeed() use /dev/random)
NativePRNGNonBlocking (nextBytes() and generateSeed() use /dev/urandom)
}
```
via: https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SecureRandomImp

Using `/dev/urandom` (non-blocking, reworked in new linux kernel
releases) also reflects the opinion of many leading cryptographers over
any other solution of PRNGs out there, here's two blog posts to
underline this/my statement:
- https://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/
- https://tersesystems.com/blog/2015/12/17/the-right-way-to-use-securerandom/
- https://www.2uo.de/myths-about-urandom

Since we're not re-seeding a lot we're good using a blocking /dev/random
for seed generation (which is thus also more secure) and a faster, newly
re-written implementation of /dev/urandom for random bytes. I think this
is the best choice we have available here.

I did also give a talk on the subject matter, in case you're interested
a year ago: https://www.youtube.com/watch?v=Yx4RroggBzI (including
mentioned changes to Linux's CSPRNG design).
---
 src/main/java/org/asamk/signal/util/Util.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/asamk/signal/util/Util.java b/src/main/java/org/asamk/signal/util/Util.java
index 19695ec6..2490c41e 100644
--- a/src/main/java/org/asamk/signal/util/Util.java
+++ b/src/main/java/org/asamk/signal/util/Util.java
@@ -21,7 +21,7 @@ public class Util {
 
     private static SecureRandom getSecureRandom() {
         try {
-            return SecureRandom.getInstance("SHA1PRNG");
+            return SecureRandom.getInstance("NativePRNG");
         } catch (NoSuchAlgorithmException e) {
             throw new AssertionError(e);
         }