On Stochastic Security of Java Crypto and NIST DRBG Pseudorandom Sequences
Cryptographic primitives such as secure hash functions (e.g., SHA1, SHA2 and SHA3) and symmetric-key block ciphers (e.g., AES and TDES) are commonly used to build counter-mode pseudorandom generators, for example in the Java crypto library and in the NIST SP 800-90A standard. It is generally assumed that if these primitives are secure, then the pseudorandom generators built from them are secure as well. However, no systematic research or analysis has been done to support this assumption. Based on complexity-theoretic results for pseudorandom sequences, this paper analyzes the stochastic properties of long sequences produced by hash-function-based pseudorandom generators: the DRBGs of NIST SP 800-90A and SHA1PRNG from the Java crypto library.
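As an added illustration (not code from the paper), the following Python reproduces the counter-mode output loop the abstract refers to: the hashgen step of Hash_DRBG from NIST SP 800-90A, Section 10.1.1.4, instantiated with SHA-256 and the 440-bit seedlen the standard assigns to SHA-256, followed by the simplest stochastic check a practitioner would run on the output, the monobit (frequency) test from NIST SP 800-22. The working-state value V is a constructed constant, and the instantiate, reseed and post-generation state-update steps of the full DRBG are omitted; only the output-generation loop is shown.

```python
import hashlib
import math

# Parameters assumed for this example: SHA-256 as the underlying hash and the
# seedlen of 440 bits that SP 800-90A Table 2 specifies for SHA-256.
SEEDLEN_BITS = 440
SEEDLEN_BYTES = SEEDLEN_BITS // 8  # 55 bytes
SEEDLEN_MOD = 1 << SEEDLEN_BITS


def hashgen(v: bytes, requested_bytes: int) -> bytes:
    """Hash_DRBG hashgen (SP 800-90A, 10.1.1.4): hash in counter mode.

    data = V; repeat: w = Hash(data); W = W || w; data = (data + 1) mod 2^seedlen.
    The working state V itself is not modified here; in Hash_DRBG_Generate a
    separate state update follows hashgen and is omitted in this example.
    """
    if len(v) != SEEDLEN_BYTES:
        raise ValueError(f"V must be {SEEDLEN_BYTES} bytes")
    data = int.from_bytes(v, "big")
    out = bytearray()
    while len(out) < requested_bytes:
        out += hashlib.sha256(data.to_bytes(SEEDLEN_BYTES, "big")).digest()
        data = (data + 1) % SEEDLEN_MOD  # the counter wraps at 2^seedlen
    return bytes(out[:requested_bytes])  # leftmost requested bits


def monobit_p_value(stream: bytes) -> float:
    """Frequency (monobit) test, NIST SP 800-22 Section 2.1.

    S_n = #ones - #zeros, s_obs = |S_n| / sqrt(n), p = erfc(s_obs / sqrt(2)).
    A p-value below 0.01 is the usual rejection threshold.
    """
    n = len(stream) * 8
    if n == 0:
        raise ValueError("empty stream")
    ones = sum(bin(b).count("1") for b in stream)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


# Constructed working-state value V for the demonstration (not a real seed).
EXAMPLE_V = (hashlib.sha256(b"constructed example seed").digest() * 2)[:SEEDLEN_BYTES]


def demo(length_bytes: int = 1 << 18) -> float:
    """Generate length_bytes of counter-mode output and return its monobit p-value."""
    return monobit_p_value(hashgen(EXAMPLE_V, length_bytes))


if __name__ == "__main__":
    p = demo()
    print(f"monobit p-value over {1 << 18} bytes: {p:.4f} "
          f"({'pass' if p >= 0.01 else 'FAIL'} at alpha = 0.01)")
```

The monobit test is only the first of the SP 800-22 battery and says nothing about the complexity-theoretic properties the paper studies; it is included here to show where a stochastic analysis of the output sequence plugs in. Note also the wraparound at 2^seedlen: a counter that starts at all-ones continues from zero, which a generator relying on a plain integer counter would otherwise overflow.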