jPBC may use PRNG for CPABE crypto operations
Notice: This bug was reported to the maintainer and their university six months before being disclosed in this issue. Neither of them replied to the bug report, so there is no option left but public disclosure. The library is used throughout several CPABE components within the ASCLEPIOS framework.
In jPBC version 2.0.0 there is a security-relevant bug in jpbc-plaf/src/main/java/it/unisa/dia/gas/plaf/jpbc/util/math/BigIntegerUtils.java at line 311.
The call to the SecureRandom() default constructor does not specify an algorithm, so the library gets whichever algorithm the JVM's provider configuration treats as the default. The Javadoc says only:
SecureRandom()
Constructs a secure random number generator (RNG) implementing the default random number algorithm.
Instead, the static getInstance(String) method or one of its overloads should be used to pin the algorithm, e.g. NativePRNG. It is documented here:
getInstance(String algorithm)
Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.
Which algorithm the default constructor actually resolves to is decided at runtime by the provider order and the securerandom.source property in the JDK's java.security file, so it differs between JDKs and operating systems. Unfortunately, the documentation does not name the default, and the SecureRandom class also offers PRNGs that take a single truly random seed and then run purely deterministically, such as SHA1PRNG:
SHA1PRNG
The name of the pseudo-random number generation (PRNG) algorithm supplied by the SUN provider. This algorithm uses SHA-1 as the foundation of the PRNG. It computes the SHA-1 hash over a true-random seed value concatenated with a 64-bit counter which is incremented by 1 for each operation. From the 160-bit SHA-1 output, only 64 bits are used. [Java documentation]
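The following is an added example (not jPBC code and not part of the original report) showing the checks a deployer would want: what new SecureRandom() resolves to on the current JVM, how to request an OS-backed or DRBG algorithm by name instead of relying on the default, and why SHA1PRNG in particular is a hazard when it is seeded before first use. The algorithm names tried by pinned() and the fixed seed string are assumptions chosen for the example; which of them exist depends on the JDK and platform.

```java
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

public class SecureRandomCheck {

    // What does the default constructor give us on this JVM? This is the value the
    // report says jPBC silently depends on; it varies with the provider list.
    static String defaultAlgorithm() {
        SecureRandom sr = new SecureRandom();
        return sr.getAlgorithm() + " (provider " + sr.getProvider().getName() + ")";
    }

    // Explicit choice instead of the default: try OS-backed generators and the
    // NIST DRBG (Java 9+) by name and fail closed if none is available.
    // The order below is an assumption for this example, not a jPBC setting.
    static SecureRandom pinned() throws NoSuchAlgorithmException {
        String[] preferred = {"NativePRNGNonBlocking", "NativePRNG", "DRBG", "Windows-PRNG"};
        for (String alg : preferred) {
            try {
                return SecureRandom.getInstance(alg);
            } catch (NoSuchAlgorithmException e) {
                // not on this platform, try the next one
            }
        }
        throw new NoSuchAlgorithmException("no acceptable SecureRandom algorithm available");
    }

    // The SHA1PRNG hazard: if setSeed() is called before the first nextBytes(),
    // the SUN implementation skips its own true-random seeding and the stream
    // is a pure function of the supplied seed. Two instances given the same
    // (constructed) seed therefore emit identical bytes.
    static boolean sha1prngIsDeterministicWhenPreSeeded() throws NoSuchAlgorithmException {
        byte[] seed = "constructed-fixed-seed".getBytes(StandardCharsets.UTF_8); // constructed input
        SecureRandom a = SecureRandom.getInstance("SHA1PRNG");
        SecureRandom b = SecureRandom.getInstance("SHA1PRNG");
        a.setSeed(seed);
        b.setSeed(seed);
        byte[] x = new byte[32];
        byte[] y = new byte[32];
        a.nextBytes(x);
        b.nextBytes(y);
        return Arrays.equals(x, y);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("new SecureRandom() resolves to: " + defaultAlgorithm());
        System.out.println("pinned instance: " + pinned().getAlgorithm());
        System.out.println("SHA1PRNG pre-seeded is deterministic: "
                + sha1prngIsDeterministicWhenPreSeeded());
    }
}
```

Running this on the JVM that actually hosts the CPABE components answers the question the report raises for that deployment. The third check returns true on the SUN provider, which is why a library that merely calls the default constructor, and any caller that later calls setSeed() on it, cannot assume the generator still draws on OS entropy.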