[Bug #835] Incorrect implementation of SHA1PRNG.java
From: nobody
Subject: [Bug #835] Incorrect implementation of SHA1PRNG.java
Date: Sun, 09 Feb 2003 14:54:39 -0500
=================== BUG #835: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=835&group_id=85
Changes by: Brian Jones <address@hidden>
Date: 2003-Feb-09 14:54 (US/Eastern)
What       | Removed  | Added
---------------------------------------------------------------------------
Resolution | None     | Fixed
Status     | Analyzed | Closed
=================== BUG #835: FULL BUG SNAPSHOT ===================
Submitted by: None Project: classpath
Submitted on: 2002-Jul-09 20:23
Severity: 5 - Major Resolution: Fixed
Assigned to: cbj Status: Closed
Platform Version: None
Summary: Incorrect implementation of SHA1PRNG.java
Original Submission: SHA1PRNG.java is implemented incorrectly and produces a
completely wrong sequence of pseudo-random numbers.
Follow-up Comments
*******************
-------------------------------------------------------
Date: 2003-Feb-09 14:52 By: cbj
Raif S. Naffah of GNU Crypto fame took a look and gave us a patch which should
make it possible to use your encrypt/decrypt reliably with GNU Classpath,
however it probably won't be possible to use interoperably with Sun's VM unless
more details are determined surrounding their seeding mechanism. He also
corrected the Mauve test.
-------------------------------------------------------
Date: 2003-Jan-26 23:44 By: cbj
I have seen a patch for SHA1PRNG on the Kaffe mailing list that was never
thoughtfully forwarded onward to us. I'm not sure it will help other than to
maybe correct our broken implementation of SHA1PRNG (if it is broken and I've
not confirmed). That patch is here,
http://www.kaffe.org/pipermail/kaffe/2002-June/008278.html. Could you see if
that helps? I've also tried to take a stab at creating a Mauve test case and
I'll upload that here so you can play with it. I didn't find any obvious
duplication of values however.
-------------------------------------------------------
Date: 2003-Jan-25 19:10 By: cbj
Putting this back in an "Open" state just so I don't lose track of it.
-------------------------------------------------------
Date: 2003-Jan-25 19:09 By: cbj
I have started looking at your test attachment.
-------------------------------------------------------
Date: 2002-Jul-23 11:03 By: None
It's been a couple of weeks already, so I may not remember all the details.
There are two issues. The first one is that if you try to generate <=20 random
numbers, given the same seed, the classpath implementation gives a completely
different sequence of numbers from that of Sun's code (maybe it generates the
same output disregarding seed value - I do not remember). The second issue is
that if you try to generate >20 random numbers, classpath starts repeating
the previously generated 20 values instead of generating new ones.
I will try to find my tests and submit them later.
-------------------------------------------------------
Date: 2002-Jul-22 19:15 By: mark
Could you provide more information? What were you expecting? Do you have some
sample code or a test case?
CC list is empty
File Attachments
****************
-------------------------------------------------------
Date: 2003-Jan-26 23:44 Name: SHA1PRNG.java Size: 1KB By: cbj
Potential Mauve test case
http://savannah.gnu.org/bugs/download.php?group_id=85&bug_id=835&bug_file_id=263
-------------------------------------------------------
Date: 2002-Jul-23 12:05 Name: test.tar.gz Size: 3KB By: None
If you try to run serial.class on Sun/IBM JDK and then on any JVM that uses
classpath, the sequences of random numbers that Cipher outputs will be
completely different.
http://savannah.gnu.org/bugs/download.php?group_id=85&bug_id=835&bug_file_id=56
For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=835&group_id=85
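
Added example (not part of the original report, its attachments, or the Classpath/Mauve sources): a small Java check for the two symptoms described in the 2002-Jul-23 comment, output that ignores the seed and output that repeats an earlier 20-byte block. The class name, seeds and output length are constructed for illustration, and it assumes the provider's SHA1PRNG is seeded only from setSeed() when that is called before the first nextBytes().

```java
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

// Hypothetical class name; run it on each JVM under comparison.
public class Sha1PrngCheck {
    static final int BLOCK = 20; // SHA-1 digest length in bytes

    // Seed explicitly before the first request so output depends only on the seed.
    static byte[] generate(byte[] seed, int len) throws NoSuchAlgorithmException {
        SecureRandom r = SecureRandom.getInstance("SHA1PRNG");
        r.setSeed(seed);
        byte[] out = new byte[len];
        r.nextBytes(out);
        return out;
    }

    // Second symptom: a later 20-byte block equals an earlier one.
    static boolean hasRepeatedBlock(byte[] out) {
        for (int i = 0; i + BLOCK <= out.length; i += BLOCK)
            for (int j = i + BLOCK; j + BLOCK <= out.length; j += BLOCK)
                if (Arrays.equals(Arrays.copyOfRange(out, i, i + BLOCK),
                                  Arrays.copyOfRange(out, j, j + BLOCK)))
                    return true;
        return false;
    }

    static String hex(byte[] b, int len) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < len; i++) sb.append(String.format("%02x", b[i] & 0xff));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed seeds; any two distinct values will do.
        byte[] seedA = "constructed seed A".getBytes(StandardCharsets.UTF_8);
        byte[] seedB = "constructed seed B".getBytes(StandardCharsets.UTF_8);
        byte[] a = generate(seedA, 5 * BLOCK);
        byte[] b = generate(seedB, 5 * BLOCK);

        boolean seedIgnored = Arrays.equals(a, b);            // first symptom
        boolean unstable = !Arrays.equals(a, generate(seedA, 5 * BLOCK));
        boolean repeats = hasRepeatedBlock(a);                 // second symptom

        // Print the first block so it can be diffed against another JVM's output.
        System.out.println("first block : " + hex(a, BLOCK));
        System.out.println("seed ignored: " + seedIgnored);
        System.out.println("same seed, different output: " + unstable);
        System.out.println("repeated 20-byte block: " + repeats);
        System.exit(seedIgnored || unstable || repeats ? 1 : 0);
    }
}
```

A non-zero exit status means at least one symptom was observed; comparing the printed first block across JVMs shows whether two implementations agree for the same seed.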