All Packages  Class Hierarchy  This Package  Previous  Next  Index

Class cryptix.pgp.FileRandomStream

java.lang.Object
   |
   +----java.io.InputStream
           |
           +----cryptix.math.RandomStream
                   |
                   +----cryptix.math.PseudoRandomStream
                           |
                           +----cryptix.security.CSRandomStream
                                   |
                                   +----cryptix.pgp.FileRandomStream

public class FileRandomStream
extends CSRandomStream
A random stream that uses a seed file to provide an initial source of entropy. When the object is finalized, the seed file is updated (it can also be updated explicitly).

As well as the seed file, entropy is taken from the following possibly-unpredictable sources:

The GUI is a better source of entropy than some of these methods (especially for applets), but is not included here since Cryptix is non-GUI.

If neither SecureRandom nor /dev/random are available (i.e. Java 1.0.2 on most platforms other than Linux), the security of this may be a little suspect. We should really implement SecureRandom (and SeedGenerator) for Java 1.0.2.

SECURITY: in the previous version, this class could in theory be exploited by untrusted code to clobber the seed file (which can be any filename). This could be bad for certain OS or other configuration files, possibly leading to a more serious exploit.

This version includes a security check that the caller is allowed to write to the seed file.

Copyright © 1995-1997 Systemics Ltd on behalf of the Cryptix Development Team.
All rights reserved.

$Revision: 1.1.1.1 $

Author:
original author unknown, David Hopwood

Constructor Index

 o FileRandomStream()
Constructs a FileRandomStream with no seed file.
 o FileRandomStream(File)
Constructs a FileRandomStream with the given seed file.

Method Index

 o add(byte[])
Add some entropy to the generator.
 o finalize()
 o init(File)
(Re-)initializes the generator.
 o readSeedFile()
Add entropy from the seed file.
 o updateSeedFile()
Update the seed file.

Constructors

 o FileRandomStream
 public FileRandomStream() throws IOException
Constructs a FileRandomStream with no seed file.

 o FileRandomStream
 public FileRandomStream(File seed_file) throws IOException
Constructs a FileRandomStream with the given seed file.

Throws: SecurityException
the current security manager's checkWrite method is called with the absolute path of seed_file (if it is non-null).

Methods

 o init
 public synchronized void init(File seed_file) throws IOException
(Re-)initializes the generator. This will attempt to gather somewhat-unpredictable input from various sources, in addition to the seed file.

seed_file may be null if no seed file is to be used.

Throws: SecurityException
the current security manager's checkWrite method is called with the absolute path of seed_file (if it is non-null).
 o finalize
 protected void finalize()
Overrides:
finalize in class Object
 o add
 public void add(byte entropy[])
Add some entropy to the generator.

Overrides:
add in class CSRandomStream
 o readSeedFile
 public synchronized void readSeedFile()
Add entropy from the seed file.

 o updateSeedFile
 public synchronized void updateSeedFile() throws IOException
Update the seed file.


All Packages  Class Hierarchy  This Package  Previous  Next  Index