be0d3e368ca9459430cbae93cf96c40413696027
17-Dec-2015
Matthew Swift <matthew.swift@forgerock.com> |
OPENDJ-2558 - use secure PRNG for encryption IVs
The initial fix is to use the default secure PRNG for the JVM. Unless
overridden in the JVM's configuration, "NativePRNG" will be used on
*nix systems and "SHA1PRNG" on Windows.
Note that NativePRNG consumes entropy from /dev/urandom using blocking
reads, and that SHA1PRNG has been reported to block less frequently, as
well as being more performant. We will use the default algorithm despite
the potential performance issue on *nix for three reasons:
* it is obviously the "preferred" algorithm chosen by the JVM vendor
* allows the administrator to override the algorithm/provider by
explicitly configuring their JVM parameters
* we automatically adapt to changes in the default algorithm based on
JVM version/vendor.
We may want to revisit this choice if we find that it becomes a
performance bottleneck. This may occur when performing bulk encryption
of sensitive attributes such as user passwords. Usually this is not the
case since passwords are hashed rather than encrypted.