PRNG seeded by key in java

Question

I need to create numbers pseudo randomly using a key. key is a string converted to byte array. This is what i came up with:

    int N=10;
    int key[]= {13,10,1,5};
    int tmp,j=0;
    for (int i=0; i < N; i++) { 
        j = (j + key[i % key.length]) % N; 
        System.out.println(j);
    }

This code is taken from PRNG of RC4 and modified. Its not working as expected, values are repeating.

The above code is not generating numbers form 0 to 10 randomly. I thought that was implied. :) — Amar C, Apr 15 '13 at 13:46
What is the reasoning behind the modifications to RC4? Why not use [`new SecureRandom(myByteArray)`](http://docs.oracle.com/javase/7/docs/api/java/security/SecureRandom.html#SecureRandom%28byte[]%29)? Note, `SecureRandom` supports [RC4 & ARCFOUR](http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SecureRandom). — Mike Samuel, Apr 15 '13 at 14:19
Can i use securerandom to generate all the numbers between a range randomly ? — Amar C, Apr 15 '13 at 17:40

score 2 · Answer 1 · answered Apr 16 '13 at 15:33

This code will give you a consistent, random permutation of the numbers 0 to 9... the permutation is random, but will be consistently the same with the same key

public static void main(String[] args) throws Exception
{
    byte key[]= {13,2,4,6,7}; 
    SecureRandom random = new SecureRandom(key); 

    List<Integer> nums = new ArrayList<Integer>();
    for (int i = 0; i < 10; i++) { 
        nums.add(i);
    }

    Collections.shuffle(nums,random);

    for(Integer n: nums) {
        System.out.println(n);
    }
}

score 1 · Answer 2 · 2013-04-15T14:25:45.197

1

Well, the first problem is that you're trying to make a PRG from a four-byte key. This is going to be inherently insecure. An attacker will be able to guess very easily.

The second problem is that you only use ten rounds of the PRG, which means that even if you had a 128-bit key, you would only ever use the first 10, making this inherently insecure.

Your third problem is that you're using i % key.length as the index of your mod function. This is an issue, as the index you're using will increment by exactly one. This would simulate randomness better if you were to have a larger key, but since your key is only four bytes, it won't.

Additionally, you seem to have arbitrarily added a % N to the end of your function. I'm not sure what you're trying to accomplish, but I'm not surprised you are finding repeating patterns. You've collapsed the function down to a tiny number. It's also important to note that as your iteration count increases, your output size increases, which is generally never useful.

Your algorithm also ignores most of the key points of the RC4 generation algorithm; read here for more info.

There's no way to tell you how to fix this, because I don't think you can fix this. I think this concept is inherently insecure.

edited Apr 15 '13 at 14:25

answered Apr 15 '13 at 13:59

What i need is to generate numbers up to N randomly. Which then can be used as index for a reversible shuffle of a int array. – Amar C Apr 15 '13 at 17:38
Right, but that's not what you asked. – Apr 15 '13 at 18:14
well, what i need is that. can you tell me how. – Amar C Apr 15 '13 at 18:27
1

Use Java's `SecureRandom(mByteArray)` – Apr 15 '13 at 18:31
How to use SecureRandom for generating number up to a range without repeating? – Amar C Apr 15 '13 at 19:13
`int randInt; byte key[]= {13,2,4,6,7}; SecureRandom random = new SecureRandom(key); for (int i = 0; i < 9; i++) { randInt = random.nextInt(9); System.out.println(randInt); }` This is what i came up with. But the numbers are repeating. – Amar C Apr 16 '13 at 02:48
Your key is probably too small. Also, I'm not getting repeating numbers. – Apr 16 '13 at 06:01
if you are only selecting from the numbers 1-9, of course some of the numbers are going to repeat... do you instead want a random permutation of the numbers 1 to 9? – Peter Elliott Apr 16 '13 at 15:28

PRNG seeded by key in java

2 Answers2