000027508 - Why is DefaultRandom slower in Cert-J 3.1+ compared to 3.0?

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000027508
Applies To: Cert-J 3.1
Issue: Why is DefaultRandom slower in Cert-J 3.1+ compared to 3.0?

Cert-J 3.1 uses Crypto-J 4.1.  One of the items in the "New Features" section of the Crypto-J 4.1 release notes is:

"* The provision of 128-bit security strength Dual Elliptic Curve Deterministic Random Bit Generator (EC DRBG) as the default random number generator. The Dual EC DRBG is specified in NIST SP 800-90. Users may switch to use another random number generator by explicit user configuration."

The slowdown you are seeing occurs because ECDRBG is now used by default. This is also stated in the Javadoc for the Cert-J com.rsa.certj.provider.random.DefaultRandom class:

'This class implements the default Cert-J random service provider. It uses the default Crypto-J random type which is either ECDRBG128 or as specified in the security property: "com.rsa.crypto.default.random".'

As stated in the Cert-J Javadoc for DefaultRandom, the default random algorithm can be overridden by setting the "com.rsa.crypto.default.random" security property.
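The following is an added example, not RSA's code. It reports which random type is in effect in a JVM and applies an override through the security property named above. The class and method names are hypothetical. The replacement name passed on the command line is a placeholder that must come from the Crypto-J documentation for the installed version, since this article lists none.

```java
import java.security.Security;
import java.util.Locale;

public class DefaultRandomProperty {
    // Property name and built-in default as quoted from the Cert-J Javadoc.
    static final String PROP = "com.rsa.crypto.default.random";
    static final String BUILT_IN_DEFAULT = "ECDRBG128";

    /** Value in effect: the security property if set, else the built-in default. */
    static String effective() {
        String v = Security.getProperty(PROP);
        return (v == null || v.trim().isEmpty()) ? BUILT_IN_DEFAULT : v.trim();
    }

    /** True when the EC DRBG default described in the release notes applies. */
    static boolean usesEcDrbg() {
        return effective().toUpperCase(Locale.ROOT).startsWith("ECDRBG");
    }

    /**
     * Set the override. Assumption: call this before any Cert-J or Crypto-J
     * object is created, because a provider may read the property only once.
     */
    static void override(String algorithm) {
        if (algorithm == null || algorithm.trim().isEmpty()) {
            throw new IllegalArgumentException("random type name required");
        }
        Security.setProperty(PROP, algorithm.trim());
    }

    public static void main(String[] args) {
        boolean configured = Security.getProperty(PROP) != null;
        System.out.println(PROP + " in effect: " + effective()
                + (configured ? " (configured)" : " (built-in default)"));
        if (args.length == 1) {
            // args[0]: random type name from the Crypto-J documentation (placeholder).
            override(args[0]);
            System.out.println("After override: " + effective());
        }
        if (usesEcDrbg()) {
            System.out.println("EC DRBG is selected; expect the slower DefaultRandom.");
        }
    }
}
```

The same property can also be set as a line in the JVM's java.security file, in which case `Security.getProperty` returns it without any code change.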

See also: How to set the default random algorithm for Crypto-J and Cert-J a49058
Legacy Article ID: a49057