4

I need to write a random number generator that uses an algorithm that is FIPS 140-2 compliant/certified. I am having a tough time finding anything that will work for me. Anyone done this before? I don't want to pay an arm and a leg to do this.

Using Java 8. Development environment is Mac OSX and servers are CentOs 7.

UPDATE:

Code looks like this to date.

import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import java.util.stream.LongStream;

public class LongRandom {
public LongRandom(){}
private Long minLong = new Long("1000000000000000000");

public List<Long> getRandomLongList(int numberOfRandom){
final SecureRandom random = new SecureRandom();
LongStream longs = random.longs(numberOfRandom, minLong, Long.MAX_VALUE).distinct();
long[] arrayLong = longs.toArray();
List<Long> list = Arrays.stream(arrayLong).boxed().collect(Collectors.toList());

return list;
}

public Long getRandomLongWinner(List<Long> potentialWinners){
final SecureRandom random = new SecureRandom();
Collections.shuffle(potentialWinners,random);
IntStream ints = random.ints(1,0,(potentialWinners.size() - 1));

return potentialWinners.get(ints.findFirst().getAsInt());
}

}

Adrian E
  • 49
  • 1
  • 3
  • 1
    Where are you blocked? What have you currently written? (please post your code so we can provide an accurate help) – Adonis Mar 02 '17 at 22:21
  • 1
    An algorithm can be FIPS compliant, an implementation can be FIPS certified (which means it passes all test vectors, does startup tests etc.) – Maarten Bodewes Mar 02 '17 at 22:46
  • Have you read the Javadoc for `SecureRandom`? – chrylis -cautiouslyoptimistic- Mar 02 '17 at 23:10
  • I have something like this so far... I'm just not sure if it's random enough. I did read the SecureRandom Javadocs that states that it is minimally FIPS 140-2 compliant. – Adrian E Mar 06 '17 at 21:52
  • The Java Docs say that it minimally complies, but I do not see it in the NIST validation database, so in my mind if you need a FIPS 140-2 module, this will not do. Maybe it validated and the NIST database is too cryptic, so to speak, for me to interpret properly? – Hill5Air Dec 06 '19 at 21:57

1 Answers1

0

Here's the official list of adequate RNGs. BSAFE is widely used.

http://csrc.nist.gov/groups/STM/cavp/documents/rng/rngval.html

Charlie Martin
  • 110,348
  • 25
  • 193
  • 263
  • BSAFE *was* widely used for random number generators until the Dual EC DRBG debacle. Other providers had the same PRNG, but only BSAFE made it their default, as far as I know. – Maarten Bodewes Mar 03 '17 at 12:38