Re: Java encryption implementation

Lars Schoening <lars@newdarkness.com> wrote:
> > Either you develop a really secure PRNG, which I highly doubt for someone
> > who claims and proofs to be a n00b, or you implement a known good PRNG. And
> > then, you would just reimplement something that has already been
> > implemented in the default J2SE runtime.
>
> Ok, I guess I'm just making another LFSR with this one:
>
> x(n+1) = (xn 275604541 - 2n + cn) mod 2^64
> where c is the byte at position n
>
> Im checking it with cn=0 right now and it didn't repeat til n=2^32 yet,
> not sure if that makes the thing any good...
>
> Sorry about the fullquotes, didn't mean to annoy.

Any variation on a LFSR just isn't going to be secure.

But more importantly, why are you doing this? Java has crypto built
in, so just use it. If you want cryptographic randomness, look at the
"SecureRandom" class. If you want to encrypt/decrypt, look at the
DESedeKeySpec and related classes. These are both in the standard
Java platform -- I think the latest platform also supports AES, but
I'm not absolutely certain about that.

You're reinventing the wheel with a bunch of jello in a square shape,
when you've got a real high performance tire just waiting for you to
use it...

-- 
Steve Stringer
sillybanter@gmail.com