Java: Keep SecureRandom (SHA1PRNG) seed secret - calculate hash before
seeding?
I'm using SecureRandom with SHA1PRNG to generate a random sequence. I
won't let SecureRandom seed itself, I'm using my own values to seed it.
(Please don't tell me that this is unsafe, I have my reasons for doing
this).
However, I don't want anyone to know what seed I used. The seed must
remain secret and it shouldn't be possible to recalculate the seed from
the random sequence.
Does it make sense to calculate the SHA-512 from my value and seed
SecureRandom with it? Or will SecureRandom create a SHA1 hash from the
seed itself?
Long story short: Should I seed SecureRandom with "value".getBytes() or
with the SHA-512 hash of "value", if I want to keep "value" secret?
Where can I find information how the SHA1PRNG algorithm works?
No comments:
Post a Comment