added 114 characters in body
Maarten Bodewes

The getRawKey() method is flawed. It uses an instance of SecureRandom instead of a key derivation function (KDF).

Depending on the implementation, the setSeed() method will either add the seed to the current state or it will use it as the only seed. The Oracle provider in Java SE 7 and before will use it as the single seed, other providers such as those based on OpenSSL in the latest versions of Android may simply add the seed to the state. This means that the retrieved key may indeed be entirely random; anything encrypted with it can therefore not be decrypted, ever.

Furthermore, the exact implementation of "SHA1PRNG" has not been well defined. So different providers may use different implementations. Please use SecureRandom instances for random number generation only.

If you have a password, use a Password Based Key Derivation Function such as PBKDF2 to convert it to a suitable key. If you have a secret with enough entropy, you could try and find an implementation of a Key Based Key Derivation Function (KBKDF), for instance HKDF in Bouncy Castle.

Besides the key derivation, there are encoding/decoding issues with that sample code as well. It also uses the insecure ECB mode of operation (the default for Java in the Oracle provider).

Don't use SimpleCrypto, it is a terrible example.

added 136 characters in body
Maarten Bodewes

The getRawKey() method is flawed. It uses an instance of SecureRandom instead of a key derivation function (KDF).

Depending on the implementation, the setSeed() method will either add the seed to the current state or it will use it as the only seed. The Oracle provider in Java SE 7 and before will use it as the single seed, other providers such as those based on OpenSSL in the latest versions of Android may simply add the seed to the state. This means that the retrieved key may indeed be entirely random; anything encrypted with it can therefore not be decrypted, ever.

Furthermore, the exact implementation of "SHA1PRNG" has not been well defined. So different providers may use different implementations. Please use SecureRandom instances for random number generation only.

If you have a password, use a Password Based Key Derivation Function such as PBKDF2 to convert it to a suitable key. If you have a secret with enough entropy, you could try and find an implementation of a Key Based Key Derivation Function (KBKDF), for instance HKDF in Bouncy Castle.

Besides the key derivation, there are encoding/decoding issues with that sample code as well. Don't use it, it is a terrible example.

added 677 characters in body
Maarten Bodewes

The getRawKey() method is fully flawed.

The setSeed() method will add the seed to the current state.

In previous versions of Android there was a bug that used the seed as starting point of the pseudo random number generator.

Besides that, there are encoding/decoding issues with that sample code as well. Don't use it. If you have a password, use a method such as PBKDF2 to convert it to a suitable key.

The getRawKey() method is flawed. It uses an instance of SecureRandom instead of a key derivation function (KDF).

Depending on the implementation, the setSeed() method will either add the seed to the current state or it will use it as the only seed. The Oracle provider in Java SE 7 and before will use it as the single seed, other providers such as those based on OpenSSL in the latest versions of Android may simply add the seed to the state.

Furthermore, the exact implementation of "SHA1PRNG" has not been well defined. So different providers may use different implementations. Please use SecureRandom instances for random number generation only.

If you have a password, use a Password Based Key Derivation Function such as PBKDF2 to convert it to a suitable key. If you have a secret with enough entropy, you could try and find an implementation of a Key Based Key Derivation Function (KBKDF), for instance HKDF in Bouncy Castle.

Besides the key derivation, there are encoding/decoding issues with that sample code as well. Don't use it, it is a terrible example.
