Allow SP800SecureRandomBuilder to make other HashDrbgs and HMacDrbgs with digests other than SHA.
Why in the world would you do something like this? Is there a good reason or are you guys just trying to prevent people from having good random numbers?
Org.BouncyCastle.Crypto.Prng.Drbg.DrbgUtilities.cs:

    internal class DrbgUtilities
    {
        private static readonly IDictionary maxSecurityStrengths = Platform.CreateHashtable();

        static DrbgUtilities()
        {
            maxSecurityStrengths.Add("SHA-1", 128);
            maxSecurityStrengths.Add("SHA-224", 192);
            maxSecurityStrengths.Add("SHA-256", 256);
            maxSecurityStrengths.Add("SHA-384", 256);
            maxSecurityStrengths.Add("SHA-512", 256);
            maxSecurityStrengths.Add("SHA-512/224", 192);
            maxSecurityStrengths.Add("SHA-512/256", 256);
        }

        internal static int GetMaxSecurityStrength(IDigest d)
        {
            return (int)maxSecurityStrengths[d.AlgorithmName];
        }

        internal static int GetMaxSecurityStrength(IMac m)
        {
            string name = m.AlgorithmName;
            return (int)maxSecurityStrengths[name.Substring(0, name.IndexOf("/"))];
        }
    }

This prevents you from using any Digest or HMac SP800-90A RNG except those 7 SHA variants.
I have gotten around this by inheriting the IDigest I want to use and then overriding the AlgorithmName so it fits this short stupid list. Otherwise you get a "NullReference Error" because obviously most of your IDigests are not included here. You put the crappy ones in, but leave out the good ones? Why?
Don't try and tell me SHA3-512 doesn't support 256 bits of security. There's only a couple of real PRNGs here, guys. Out of the SP800-90A variants there are only 3, but each one is supposed to be infinitely customizable.
Out of the 2 specified SP800 types (Digest and HMac) you have given us only 4 working 256-bit variants? I haven't even tested to see all the roadblocks for the CtrDrbgProviders. How many of those are usable? This seems like an important issue to me.
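
The workaround described in the post, as an added example that is not part of the original issue or of BouncyCastle's own code: a `Sha3Digest` subclass reports an `AlgorithmName` that the table lists (the class names `Sha3AsSha512Digest` and `DrbgNameLookupDemo` are hypothetical). The DRBG then applies whatever parameters the library keys on "SHA-512" while actually hashing with SHA3-512, and SHA-3 is not among the hash functions SP 800-90A lists for Hash_DRBG, so the result is not a standard instantiation.

```csharp
using System;
using System.Text;
using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Crypto.Prng;
using Org.BouncyCastle.Security;

// Hypothetical class, not part of BouncyCastle: SHA3-512 that reports the
// name "SHA-512" so the name-keyed lookup in DrbgUtilities finds an entry.
public sealed class Sha3AsSha512Digest : Sha3Digest
{
    public Sha3AsSha512Digest() : base(512) { }
    public override string AlgorithmName { get { return "SHA-512"; } }
}

public static class DrbgNameLookupDemo
{
    private static SP800SecureRandomBuilder NewBuilder(SecureRandom entropy)
    {
        return new SP800SecureRandomBuilder(entropy, true)
            .SetPersonalizationString(Encoding.ASCII.GetBytes("constructed-example"))
            .SetSecurityStrength(256)
            .SetEntropyBitsRequired(256);
    }

    public static void Main()
    {
        var entropy = new SecureRandom();
        byte[] nonce = new byte[32];
        entropy.NextBytes(nonce);
        byte[] output = new byte[32];

        // Unlisted name "SHA3-512": the failure may surface only at first use
        // (NextBytes) rather than at BuildHash, so both calls sit in the try.
        try
        {
            NewBuilder(entropy).BuildHash(new Sha3Digest(512), nonce, true).NextBytes(output);
            Console.WriteLine("SHA3-512 accepted by this library version");
        }
        catch (Exception e)
        {
            Console.WriteLine("SHA3-512 rejected: " + e.GetType().Name);
        }

        // Same digest under a listed name: the lookup succeeds.
        SecureRandom drbg = NewBuilder(entropy).BuildHash(new Sha3AsSha512Digest(), nonce, true);
        drbg.NextBytes(output);
        Console.WriteLine("DRBG produced " + output.Length + " bytes");
    }
}
```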