|Applies To||Cert-J 3.1|
|Issue||Why is DefaultRandom slower in Cert-J 3.1+ compared to 3.0?|
Cert-J 3.1 uses Crypto-J 4.1. One of the items in the "New Features" section of the Crypto-J 4.1 release notes is:
"* The provision of 128-bit security strength Dual Elliptic Curve Deterministic Random Bit Generator (EC DRBG) as the default random number generator. The Dual EC DRBG is specified in NIST SP 800-90. Users may switch to use another random number generator by explicit user configuration."
The slowness that you are seeing is due to the fact that ECDRBG is now being used by default. This is also specified in the Javadoc for the Cert-J com.rsa.certj.provider.random.DefaultRandom class:
'This class implements the default Cert-J random service provider. It uses the default Crypto-J random type which is either ECDRBG128 or as specified in the security property: "com.rsa.crypto.default.random".'
As stated in the Cert-J javadoc for DefaultRandom, the default random algorithm can be overridden by setting the "com.rsa.crypto.default.random" property.
See also: How to set the default random algorithm for Crypto-J and Cert-J a49058
|Legacy Article ID||a49057|