The reseedable and prediction resistance capabilities of a DRBG.
When this object is passed to a SecureRandom.getInstance()
call, it is the requested minimum capability. When it's returned from SecureRandom.getParameters()
, it is the effective capability.
Please note that while the Instantiate_function
defined in NIST SP 800-90Ar1 only includes a prediction_resistance_flag
parameter, the Capability
type includes an extra value RESEED_ONLY
because reseeding is an optional function. If NONE
is used in an Instantiation
object in calling the SecureRandom.getInstance
method, the returned DRBG instance is not guaranteed to support reseeding. If RESEED_ONLY
or PR_AND_RESEED
is used, the instance must support reseeding.
The table below lists possible effective values if a certain capability is requested, i.e.
Capability requested = ...;
SecureRandom s = SecureRandom.getInstance("DRBG",
DrbgParameters(-1, requested, null));
Capability effective = ((DrbgParametes.Initiate) s.getParameters())
.getCapability();
requested and effective capabilities
Requested Value | Possible Effective Values |
NONE | NONE, RESEED_ONLY, PR_AND_RESEED |
RESEED_ONLY | RESEED_ONLY, PR_AND_RESEED |
PR_AND_RESEED | PR_AND_RESEED |
A DRBG implementation supporting prediction resistance must also support reseeding.