[SERVER-9058] Use FIPS-140-2 Approved Pseudorandom Number Generator for SecureRandom Created: 21/Mar/13 Updated: 06/Dec/22 |
|
| Status: | Backlog |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Andy Schwerin | Assignee: | Backlog - Security Team |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||
| Assigned Teams: |
Server Security
|
||||||||||||||||||||||||||||
| Participants: | |||||||||||||||||||||||||||||
| Description |
|
On systems with a /dev/urandom, we defer to the operating system for our source of secure pseudorandom numbers. On other systems, we sort of let the ball drop. We should use a FIPS-140-2 compliant PRNG for SecureRandom on all systems, one way or another. |
| Comments |
| Comment by Mark Benvenuto [ 08/Sep/15 ] |
|
CNG in WIndows is FIPS-140-2 certified. See https://msdn.microsoft.com/en-us/library/windows/desktop/bb204775%28v=vs.85%29.aspx
|