Is SHA1 secured enough as a PRNG

I read that SHA1 is still a secure hashing function with no collision found as of now. However, it's just a matter of time before someone comes up with such a collision or attack. Therefore, in new projects, it is recommended to use SHA256. SHA512 is even better.

In Java, we still use the SHA1PRNG algorithm in the SecureRandom class for the purpose of generating IVs (let's say for CBC).

Is it secure enough as a PRNG for generating unpredictable IVs for CBC? Or is SHA256 recommended even for a PRNG?
      random-number-generator sha-256 sha-1 semantic-security
asked 4 hours ago

Saptarshi Basu
          1 Answer
I read that SHA1 is still a secure hashing function with no collision found as of now.

You read an old text; this has not been the case since SHA-1 was SHAttered.

In Java, we still use the SHA1PRNG algorithm in the SecureRandom class for the purpose of generating IVs (let's say for CBC).

Is it secure enough as a PRNG for generating unpredictable IVs for CBC? Or is SHA256 recommended even for a PRNG?

SHA-1 is still fine for key derivation, HMAC, MGF1-based padding and indeed random generation, and for many other use cases that do not suffer from collision attacks.

That said, attacks only get better, never worse, so using a more modern hash is always recommended. When it comes to random number generation, the seeding is much more likely to be problematic, though, and you should definitely make sure that your system's RNG is running correctly.

And, when it comes to Java's SecureRandom, you may want to consider my answer on StackOverflow and not use (or at least indicate) "SHA1PRNG" at all.
          • Wrt this answer and your other, why then is SHA-1 SecureRandom still part of JDK 10? My conspiracy organ is aching...
            – Paul Uszak
            6 mins ago
            Well, it is still secure. And if they remove it then all of the existing software that uses "SHA1PRNG" breaks. If they were out there to break your code they would not have supplied the more secure alternatives or SecureRandom.getInstanceStrong() I suppose. Heck, you can easily make a HSM or SmartCard provided random the default. Most other languages / libraries are way less flexible. Android used a bad implementation of SHA1PRNG and now simply lies if you try and use it, as everybody still hardcodes "SHA1PRNG" for some reason or other.
            – Maarten Bodewes
            3 mins ago
answered 4 hours ago

Maarten Bodewes
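An added illustration (not code from the question, the answer or the JDK) of the two points made above: on the SUN provider, a hard-coded "SHA1PRNG" instance that is seeded with setSeed() before its first use draws its entire state from that seed and so yields the same IV every time, whereas the platform default SecureRandom seeds itself from the OS RNG. The class name IvDemo and the fixed seed string are constructed for the example; it assumes an Oracle/OpenJDK runtime with the SUN provider.

```java
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class IvDemo {
    static final int AES_BLOCK_BYTES = 16;

    // Pitfall: explicit "SHA1PRNG" plus a fixed seed supplied before the first
    // nextBytes() call. On the SUN provider the self-seeding step is skipped,
    // so the output depends only on the caller-supplied seed.
    static byte[] weakIv(byte[] fixedSeed) throws NoSuchAlgorithmException {
        SecureRandom rng = SecureRandom.getInstance("SHA1PRNG");
        rng.setSeed(fixedSeed);
        byte[] iv = new byte[AES_BLOCK_BYTES];
        rng.nextBytes(iv);
        return iv;
    }

    // Preferred: let the platform choose the algorithm (seeded from the OS RNG).
    static byte[] iv(SecureRandom rng) {
        byte[] iv = new byte[AES_BLOCK_BYTES];
        rng.nextBytes(iv);
        return iv;
    }

    static byte[] encryptCbc(SecretKey key, byte[] iv, byte[] plaintext) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        return c.doFinal(plaintext);
    }

    public static void main(String[] args) throws Exception {
        // Constructed seed: anything an attacker could guess (timestamps, constants) behaves the same.
        byte[] seed = "constructed fixed seed".getBytes(StandardCharsets.UTF_8);
        byte[] a = weakIv(seed);
        byte[] b = weakIv(seed);
        System.out.println("SHA1PRNG with fixed seed, IV repeats: " + Arrays.equals(a, b));

        SecureRandom rng = new SecureRandom();
        System.out.println("platform default algorithm: " + rng.getAlgorithm());
        byte[] c = iv(rng);
        byte[] d = iv(rng);
        System.out.println("default SecureRandom, IV repeats: " + Arrays.equals(c, d));

        // A fresh, unpredictable IV per message is what CBC needs.
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();
        byte[] ct = encryptCbc(key, c, "hello".getBytes(StandardCharsets.UTF_8));
        System.out.println("ciphertext length: " + ct.length);
    }
}
```

SecureRandom.getInstanceStrong(), mentioned in the comments, is the other option the JDK offers when a blocking, stronger source is acceptable.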