Aleksandr Erokhin

Reputation: 1982

Does SecureRandom reduce entropy of pseudo-random data?

I was wondering about random (or pseudo random) sequence generation in Docker containers, but came across another interesting behavior.

Reading 8000000 bytes directly from /dev/urandom and testing the result with ENT gives the following:

Entropy = 7.999976 bits per byte.

Optimum compression would reduce the size
of this 8000000 byte file by 0 percent.

Chi square distribution for 8000000 samples is 262.08, and randomly
would exceed this value 36.69 percent of the times.

Arithmetic mean value of data bytes is 127.5337 (127.5 = random).
Monte Carlo value for Pi is 3.139911785 (error 0.05 percent).
Serial correlation coefficient is -0.000101 (totally uncorrelated = 0.0).

But in the case of generating 1000000 DES keys, the output of ENT gives the following:

Entropy = 6.999990 bits per byte.

Optimum compression would reduce the size
of this 8000000 byte file by 12 percent.

Chi square distribution for 8000000 samples is 8000217.63, and randomly
would exceed this value less than 0.01 percent of the times.

Arithmetic mean value of data bytes is 127.4870 (127.5 = random).
Monte Carlo value for Pi is 3.145497786 (error 0.12 percent).
Serial correlation coefficient is 0.000033 (totally uncorrelated = 0.0).

Code used to generate 1000000 keys:

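import java.util.stream.IntStream;
import javax.crypto.KeyGenerator;

KeyGenerator des = KeyGenerator.getInstance("DES");
IntStream.range(0, 1_000_000).forEach(j -> {
    byte[] key = des.generateKey().getEncoded();
    // write(byte[]) declares IOException, which this lambda cannot throw; the three-argument overload does not
    System.out.write(key, 0, key.length);
});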

The entropy is lower, and the chi-square distribution shows that the distribution is not random anymore.

So I am wondering whether Java's SecureRandom implementation just reduces the entropy, and whether reading values directly from urandom might be a better choice.

Upvotes: 0

Views: 330

Answers (1)

ottomeister

Reputation: 5828

Nothing here indicates a problem with SecureRandom.

You're getting the "only 7 bits of entropy per byte" result for your DES keys because that's what DES keys have. A DES key is 8 bytes long but only 56 of those 64 bits (i.e. 7 bits per byte) are random. The 8th bit in each byte is reserved for use as a parity bit for that byte. The value of the parity bit is obviously highly correlated with the values of the other 7 bits, and therefore that bit is not at all random. See DES at Wikipedia for more background.

You should get a more comforting result if you try your test again with a key generator for an algorithm that uses all-random keys, like "AES".

Upvotes: 1
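
The following is an added example, not code from the question or the answer: it measures per-byte Shannon entropy for DES and AES keys from `KeyGenerator`, confirms the DES parity bits with `DESKeySpec.isParityAdjusted`, and measures the 7 key bits of each DES byte separately. The class name `KeyEntropyCheck`, the helper names and the sample size are assumptions made for this example.

```java
import javax.crypto.KeyGenerator;
import javax.crypto.spec.DESKeySpec;
import java.io.ByteArrayOutputStream;

public class KeyEntropyCheck {
    // Shannon entropy in bits per symbol, the same statistic ENT reports on its first line.
    static double entropy(byte[] data) {
        long[] counts = new long[256];
        for (byte b : data) counts[b & 0xFF]++;
        double h = 0.0;
        for (long c : counts) {
            if (c == 0) continue;
            double p = (double) c / data.length;
            h -= p * Math.log(p) / Math.log(2);
        }
        return h;
    }

    // Concatenate n freshly generated keys for the given algorithm.
    static byte[] keys(String algorithm, int n) throws Exception {
        KeyGenerator gen = KeyGenerator.getInstance(algorithm);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int i = 0; i < n; i++) {
            byte[] k = gen.generateKey().getEncoded();
            out.write(k, 0, k.length);
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        int n = 100_000; // constructed sample size, smaller than the run in the question
        byte[] des = keys("DES", n);
        byte[] aes = keys("AES", n);

        // Check that every 8-byte DES key carries odd parity in each byte.
        boolean allParityAdjusted = true;
        for (int off = 0; off < des.length; off += 8)
            allParityAdjusted &= DESKeySpec.isParityAdjusted(des, off);

        // The parity bit is the least significant bit; shift it out to keep the 7 key bits.
        byte[] stripped = new byte[des.length];
        for (int i = 0; i < des.length; i++) stripped[i] = (byte) ((des[i] & 0xFF) >>> 1);

        System.out.printf("DES key bytes:   %.4f bits/byte, parity-adjusted=%b%n", entropy(des), allParityAdjusted);
        System.out.printf("DES 7-bit parts: %.4f bits per 7-bit value%n", entropy(stripped));
        System.out.printf("AES key bytes:   %.4f bits/byte%n", entropy(aes));
    }
}
```

A 7-bit value can carry at most 7 bits of entropy, so the second figure is the one to compare against 7.0 when judging the randomness of the DES key material itself.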
