[Crypto] Tune prng re-seeding frequency

Peter Taoussanis 2018-09-15 22:09:06 +02:00
parent bfc65f0970
commit f6c17a7411


@ -18,8 +18,10 @@
"Favours security over performance. May block while waiting on system entropy!" "Favours security over performance. May block while waiting on system entropy!"
^java.security.SecureRandom [] ^java.security.SecureRandom []
(let [rng ^java.security.SecureRandom (.get ^ThreadLocal prng*)] (let [rng ^java.security.SecureRandom (.get ^ThreadLocal prng*)]
;; For additional security, occasionally supplement current seed, Ref. https://goo.gl/MPM91w: ;; Occasionally supplement current seed for extra security.
(when (< (.nextDouble rng) 1.0E-4) (.setSeed rng (.generateSeed rng 8))) ;; Otherwise an attacker could *theoretically* observe large amounts of
;; prng output to determine initial seed, Ref. https://goo.gl/MPM91w
(when (< (.nextDouble rng) 2.44140625E-4) (.setSeed rng (.generateSeed rng 8)))
rng)) rng))
(defn rand-bytes "Uses `prng`" ^bytes [size] (let [ba (byte-array size)] (.nextBytes (prng) ba) ba)) (defn rand-bytes "Uses `prng`" ^bytes [size] (let [ba (byte-array size)] (.nextBytes (prng) ba) ba))
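Review bot: The new threshold `2.44140625E-4` in the `(when (< (.nextDouble rng) ...)` line is an unexplained magic number; it is exactly 2^-12, i.e. a reseed on roughly one call in 4096, and the comment should say so, e.g. `;; 2^-12: supplement the seed on ~1 in 4096 calls; generateSeed may block on system entropy`. Because the gating draw comes from the same generator it protects, the reseed schedule is a function of the rng's own state, and the 4096-call gap is only an expectation with no upper bound; a per-thread call counter held next to the `ThreadLocal` (reseed on every 4096th call) would give a deterministic bound and would not spend a `nextDouble` output on every `prng` call. It is also worth stating in the comment that `setSeed` on a `SecureRandom` supplements rather than replaces the existing seed, so the 8 bytes from `generateSeed` add entropy rather than resetting the generator. The enclosing `prng` definition starts before the hunk, and the header's 8/10 line counts suggest one context line of this hunk is not shown.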