bug-classpath

[Bug classpath/22644] Incorrect implementation of SHA1PRNG.java


From: gcc-bugzilla at gcc dot gnu dot org
Subject: [Bug classpath/22644] Incorrect implementation of SHA1PRNG.java
Date: 16 Oct 2005 01:26:12 -0000

SHA1PRNG.java is implemented incorrectly and produces a completely wrong sequence
of pseudo-random numbers.


------- Comment #1 from from-classpath at savannah dot gnu dot org  2002-07-22 23:15 -------
Could you provide more information? What were you expecting? Do you have some
sample code or a test case?


------- Comment #2 from from-classpath at savannah dot gnu dot org  2002-07-23 15:03 -------
It's been a couple of weeks already, so I may not remember all the details.

There are two issues.  The first one is that if you try to generate <=20 random
numbers, given the same seed, the classpath implementation gives a completely
different sequence of numbers from that of Sun's code (maybe it generates the
same output disregarding the seed value - I do not remember).  The second issue is
that if you try to generate >20 random numbers, classpath starts repeating the
previously generated 20 values instead of generating new ones.

I will try to find my tests and submit them later.

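An added Python model of the second failure mode described above (constructed for this page; it is not Classpath's, Kaffe's or Sun's code): a hash-based generator fills a 20-byte buffer from SHA-1 of its state, the buggy variant never advances the state before refilling, and `find_period` catches the resulting 20-value repetition. The `HashPRNG` class, its seed derivation and the feedback step are assumptions; it does not reproduce Sun's output, whose seeding mechanism this thread says is undetermined.

```python
import hashlib

DIGEST_LEN = 20  # SHA-1 digest size, the 20-value block the report describes


class HashPRNG:
    """Simplified SHA-1 based PRNG (hypothetical model, not Classpath's code).

    Output is served from a 20-byte buffer = SHA1(state).  A correct generator
    must change the state before every refill; if it does not, each refill
    yields the same 20 bytes again and the stream has period 20.
    """

    def __init__(self, seed: bytes, advance_state: bool = True):
        self.state = hashlib.sha1(seed).digest()   # assumed seed derivation
        self.advance_state = advance_state
        self.buffer = b""

    def _refill(self) -> None:
        if self.advance_state:
            # Correct behaviour: feed the state through SHA-1 so that the next
            # buffer differs from the previous one.
            self.state = hashlib.sha1(self.state).digest()
        # Buggy behaviour (advance_state=False): state unchanged, same 20 bytes.
        self.buffer = hashlib.sha1(self.state).digest()

    def next_bytes(self, n: int) -> bytes:
        """Return n pseudo-random bytes, refilling the buffer as needed."""
        out = bytearray()
        while len(out) < n:
            if not self.buffer:
                self._refill()
            take = min(n - len(out), len(self.buffer))
            out += self.buffer[:take]
            self.buffer = self.buffer[take:]
        return bytes(out)


def find_period(data: bytes, max_period: int = 64):
    """Smallest p such that data[i] == data[i-p] for all i >= p, or None.

    Requires at least two full periods of data so that a hit is meaningful.
    """
    for p in range(1, max_period + 1):
        if len(data) >= 2 * p and all(data[i] == data[i - p] for i in range(p, len(data))):
            return p
    return None


if __name__ == "__main__":
    for bug in (False, True):
        stream = HashPRNG(b"classpath-bug-22644", advance_state=not bug).next_bytes(60)
        print("buggy" if bug else "fixed", "period:", find_period(stream))
```

Running the block prints a period of 20 for the buggy variant and `None` for the corrected one; the same check applied to a real generator's output is a cheap regression test for this class of defect.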

------- Comment #3 from from-classpath at savannah dot gnu dot org  2003-01-26 00:09 -------
I have started looking at your test attachment.


------- Comment #4 from from-classpath at savannah dot gnu dot org  2003-01-26 00:10 -------
Putting this back in an "Open" state just so I don't lose track of it.


------- Comment #5 from from-classpath at savannah dot gnu dot org  2003-01-27 04:44 -------
I have seen a patch for SHA1PRNG on the Kaffe mailing list that was never
thoughtfully forwarded onward to us.  I'm not sure it will help other than to
maybe correct our broken implementation of SHA1PRNG (if it is broken and I've
not confirmed).  That patch is here,
http://www.kaffe.org/pipermail/kaffe/2002-June/008278.html.  Could you see if
that helps?  I've also tried to take a stab at creating a Mauve test case and
I'll upload that here so you can play with it.  I didn't find any obvious
duplication of values however.


------- Comment #6 from from-classpath at savannah dot gnu dot org  2003-02-09 19:52 -------
Raif S. Naffah of GNU Crypto fame took a look and gave us a patch which should
make it possible to use your encrypt/decrypt reliably with GNU Classpath,
however it probably won't be possible to use interoperably with Sun's VM unless
more details are determined surrounding their seeding mechanism.  He also
corrected the Mauve test.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22644