This week's book giveaway is in the OCPJP forum.
We're giving away four copies of OCA/OCP Java SE 7 Programmer I & II Study Guide and have Kathy Sierra & Bert Bates on-line!
See this thread for details.
The moose likes Java in General and the fly likes [SECURITY][SecureRandom] Problem! Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Java » Java in General
Bookmark "[SECURITY][SecureRandom] Problem!" Watch "[SECURITY][SecureRandom] Problem!" New topic
Author

[SECURITY][SecureRandom] Problem!

Fabrice SZNAJDERMAN
Greenhorn

Joined: Nov 17, 2004
Posts: 27
Hi everybody!

I wrote this little program :


My problem is when the method :



is executed : nothing occurs!

I don't understand what happen!

thanks before for your help!!

@+

fabszn


@+<br /> <br />Fabszn
Grant Gainey
Ranch Hand

Joined: Oct 16, 2005
Posts: 65
Perhaps I'm misunderstanding your question. SecureRandom.nextBytes(byte[]) fills the byte[] with random bytes - each call will fill it differently. So, the following code:produces the following output on my machine:Your code isn't doing anything with those bytes. What are you expecting to happen?

Grant

[Edited for typo]
[ October 19, 2005: Message edited by: G Gainey ]

In Theory, there is no difference between theory and practice.<br />In Practice, there is no relationship between theory and practice.
Fabrice SZNAJDERMAN
Greenhorn

Joined: Nov 17, 2004
Posts: 27
Hello,

Thank u for your answer!

In theory, I use this code for encryption of one password.

I'm sorry about my english writing...

I believe I found why my code it doesn't work.
The reason, I think, is cause of certificat.

I follow this way about certificat, I give you return if I found any solutions.

in a friendly way

Fabszn
[ October 20, 2005: Message edited by: Fabrice SZNAJDERMAN ]
Fabrice SZNAJDERMAN
Greenhorn

Joined: Nov 17, 2004
Posts: 27
Hello,

In fact, I use this code :


I can read on the web, the problem was to be bind to the certificat.
I don't understand how it work between SecureRandom's class and certificat.

Have you got an idea?

Thank before for your help!
Grant Gainey
Ranch Hand

Joined: Oct 16, 2005
Posts: 65
I don't know what Crypto.getRandom() is doing - where is that coming from? It's not "standard" Java.

I'm also afraid that I don't understand what problem you're having at this point. It's certainly a language problem - but your English is certainly better than my anything-other-than-English, so don't feel bad!

Can you tell us a little more about what you're trying to accomplish and exactly what problem you're currently having?

Grant
Fabrice SZNAJDERMAN
Greenhorn

Joined: Nov 17, 2004
Posts: 27
Hello,

Thank u for your answer!

Crypto.getRandom() coming from the CCM API
You can see the details here :Crypto API Doc.

In fact, I work on portal project for my company.
For this project they used Content Manager from RedHat who's name RedHatCCM.
For the needs , they decompiled the CCM's core API.

My problem is : When an user log him on the application, it get his password and login.
With that , check if the user is existing in LDAP. If the user exist, the system add the user in the RedHatCCM's Database.
For this, it must encrypt the password found in LDAP.

For encrypt the password, the system use this code :

....
byte salt[] = new byte[16];
SecureRandom sr = Crypto.getRandom();
sr.nextBytes(salt);
....

When this code is executing, the program remains blocked in the method : nextBytes(salt);

I don't know why...


Have you an idea?


Thank in advance!

Fabrice
Grant Gainey
Ranch Hand

Joined: Oct 16, 2005
Posts: 65
Ah - you're running on Linux, I assume. I seem to recall that there's an issue with /dev/random on Linux. There's a way to point SecureRandom at /dev/urandom, I think. I don't recall what it is - but if you do some Googleing on "SecureRandom /dev/random hang" you'll likely get some good results.

SecureRandom needs a pool of entropy in order to provide truly random data. /dev/random is the device that's designed for that - but if it doesn't have enough "randomness", it blocks until it's happy. This can cause initializing SecureRandom. or reads from it, to take forever. urandom isn't as good a source, but it won't hang your app either.

Grant
Fabrice SZNAJDERMAN
Greenhorn

Joined: Nov 17, 2004
Posts: 27
Hello,

Thanks u for your answer

Yes My application run on Linux..
I already tried to solve my problem by this way...
I changed the java.security file of my Jre.
I tried to put the parameter directly on the command line of my application.
But,with my large to desespoir, nothing occurs.

I'm working on this problem since one week...I must fill up my ideas because my ideas' bag is empty..;-)

the waste thing about my problem, there is no exception..

I don't know which way I can follow now...

Fabrice
Grant Gainey
Ranch Hand

Joined: Oct 16, 2005
Posts: 65
Hrm. Have you tried on the RedHat forums? Also - is there a specific reason you can't just use the SecureRandom provided with the JDK? I don't see anything in the ArsDigita stuff that would break if you just used the JDK "new SecureRandom()" call (admittedly, after only a cursory skim of the AD docs...)

What version of RedHat are you using? What version of the JDK?

There are lots of people with ideas here - I'm sure we'll get your bag refilled!

Grant
Fabrice SZNAJDERMAN
Greenhorn

Joined: Nov 17, 2004
Posts: 27
Hello,

I apologize, I forgot to tell you something.
There is two environments where running the application.

The dev environment's and the product's environment.

On the dev's env. it works fine. It on the product's env. it doesn't works.
the dev's env. it's a RedHat Linux 2.4.18-3smp and on the other env. it's Redhat linux 2.6.13.1-grsu On both server it is JDK 1.4.1 used

I agree with you,it isn't a best practice to use a different environments. But I have no choice about that.

so where is my bag of ideas....
[ October 21, 2005: Message edited by: Fabrice SZNAJDERMAN ]
Grant Gainey
Ranch Hand

Joined: Oct 16, 2005
Posts: 65
Different environments are ok - although I'm a little surprised that your dev-env is back-level from your production one, it's usually the other way around.

So, if you're running the same JVM on both (1.4.1? Ew. There were some significant fixes in 1.4.2; not sure if any were in this specific area), then there must be something about 2.6.2 that's causing problems. Any responses from RedHat? And I say again - any reason you have to use the Crypto.getSecureRandom, instead of just using the one built into 1.4?

Grant
Fabrice SZNAJDERMAN
Greenhorn

Joined: Nov 17, 2004
Posts: 27
Hello,

Yes I'm agree with about the differents environements. I started my job in this company, in 3 october... And I discover the env. little by little.

I look for the Redhat Forum's and I've no answer at this time.

About Crypto.getRandom, It's like that was implemented in RedHatCCM core.
I tried ti use new SecureRandom() and it's the same result.
I decompiled Crypto class: you can see the code of getRandom() method :


public static SecureRandom getRandom()
throws GeneralSecurityException
{
if(s_random == null)
s_random = SecureRandom.getInstance(RANDOM_ALGO);
return s_random;
}

I must leave now... but I do search this week end..
Thank you very much for help... Hope to see you on monday!
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: [SECURITY][SecureRandom] Problem!