Randomly Failed! The State of Randomness in Current Java Implementations

  • Kai Michaelis
  • Christopher Meyer
  • Jörg Schwenk
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7779)


This paper investigates the Randomness of several Java Runtime Libraries by inspecting the integrated Pseudo Random Number Generators. Significant weaknesses in different libraries including Android, are uncovered.


Random Number Generator Initialization Vector Stream Cipher Pseudo Random Number Generator Secret State 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Gupta, A., Cozza, R., Nguyen, T.H., Milanesi, C., Shen, S., Vergne, H.J.D.L., Zimmermann, A., Lu, C., Sato, A., Glenn, D.: Market Share: Mobile Devices, Worldwide, 1Q12. Technical report, Garnter, Inc. (May 2012)Google Scholar
  2. 2.
    Nielsen: Two Thirds of New Mobile Buyers Now Opting For Smartphones. Technical report, The Nielsen Company (June 2012)Google Scholar
  3. 3.
    Bennett, J.: Android Smartphone Activations Reached 331 Million in Q1 2012 Reveals New Device Tracking Database from Signals and Systems Telecom. Technical report, Signals and Systems Telecom (May 2012)Google Scholar
  4. 4.
    Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM (August 1986)Google Scholar
  5. 5.
    Gutterman, Z., Pinkas, B., Reinman, T.: Analysis of the Linux Random Number Generator. In: IEEE Symposium on Security and Privacy (2006)Google Scholar
  6. 6.
    Dorrendorf, L., Gutterman, Z., Pinkas, B.: Cryptanalysis of the windows random number generator. In: ACM Conference on Computer and Communications Security (2007)Google Scholar
  7. 7.
    Heninger, N., Durumeric, Z., Wustrow, E., Halderman, J.A.: Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. In: Proceedings of the 21st USENIX Security Symposium (August 2012)Google Scholar
  8. 8.
    Agyros, G., Kiayias, A.: I forgot your password: Randomness attacks against PHP applications. In: Proceedings of the 21st USENIX Security Symposium. USENIX Association (2012)Google Scholar
  9. 9.
    Kopf, G.: Non-Obvious Bugs by Example (2010), http://gregorkopf.de/slides_berlinsides_2010.pdf
  10. 10.
    Meyer, C., Somorovsky, J.: Why seeding with System.currentTimeMillis() is not a good idea (January 2012), http://armoredbarista.blogspot.de/2012/01/why-seeding-with-systemcurrenttimemilli.html
  11. 11.
    Lenstra, A., Hughes, J., Augier, M., Bos, J., Kleinjung, T., Wachter, C.: Public Keys. In: Advances in Cryptology CRYPTO 2012. LNCS. Springer, Heidelberg (2012)Google Scholar
  12. 12.
    Kelsey, J., Schneier, B., Wagner, D., Hall, C.: Cryptanalytic Attacks on Pseudorandom Number Generators. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, pp. 168–188. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  13. 13.
    Brown, R.G., Eddelbuettel, D., Bauer, D.: Dieharder: A Random Number Test Suite. Technical report, Duke University (2012)Google Scholar
  14. 14.
    Rukhin, A., Soto, J., Nechvatal, J., Smid, M., Barker, E., Leigh, S., Levenson, M., Vangel, M., Banks, D., Heckert, A., Dray, J., Vo, S., Bassham III, L.E.: A Statistical Test Suite for the Validation of Random Number Generators and Pseudo Random Number Generators for Cryptographic Applications. Technical report, National Institute of Standards and Technology (NIST) (April 2010)Google Scholar
  15. 15.
    Lee, E.H., Lee, J.H., Park, I.H., Cho, K.R.: Implementation of high-speed SHA-1 architecture. IEICE Electronics Express (2009)Google Scholar
  16. 16.
    Zoltak, B.: VMPC One-Way Function and Stream Cipher. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 210–225. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  17. 17.
    Google Inc.: javax.crypto — Android Developers (July 2012)Google Scholar
  18. 18.
    McDonald, C., Hawkes, P., Pieprzyk, J.: Differential Path for SHA-1 with complexity O(2^52). IACR Cryptology ePrint Archive (2009)Google Scholar
  19. 19.
    Wikipedia: Preimage attack — Wikipedia, The Free Encyclopedia (accessed August 24, 2012)Google Scholar
  20. 20.
    Handschuh, H., Knudsen, L.R., Robshaw, M.: Analysis of SHA-1 in Encryption Mode. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 70–83. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  21. 21.
    Tsunoo, Y., Saito, T., Kubo, H., Shigeri, M., Suzaki, T., Kawabata, T.: The Most Efficient Distinguishing Attack on VMPC and RC4A (2005)Google Scholar
  22. 22.
    Maximov, A.: Two Linear Distinguishing Attacks on VMPC and RC4A and Weakness of RC4 Family of Stream Ciphers (2007) (corrected)Google Scholar
  23. 23.
    Li, S., Hu, Y., Zhao, Y., Wang, Y.: Improved cryptanalysis of the vmpc stream cipher. Journal of Computational Information Systems (2012)Google Scholar
  24. 24.
    Sverdlove, H., Brown, D., Cilley, J., Munro, K.: Orphan Android: Top Vulnerable Smartphones 2011. Technical report, Bit9, Inc. (November 2011)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Kai Michaelis
    • 1
  • Christopher Meyer
    • 1
  • Jörg Schwenk
    • 1
  1. 1.Horst Görtz Institute for IT-SecurityRuhr-University BochumGermany

Personalised recommendations