@@ -53,6 +53,14 @@ public class DRBG
5353{
5454 private static final String PREFIX = DRBG .class .getName ();
5555
56+ private static int get256BitsEffectiveEntropySize ()
57+ {
58+ // by default we assume .9 bits per real bit
59+ int effectiveBits = Properties .asInteger ("org.bouncycastle.drbg.effective_256bits_entropy" , 282 );
60+
61+ return ((effectiveBits + 7 ) / 8 ) * 8 ;
62+ }
63+
5664 // {"Provider class name","SecureRandomSpi class name"}
5765 private static final String [][] initialEntropySourceNames = new String [][]
5866 {
@@ -463,7 +471,7 @@ private static class HybridEntropySource
463471 EntropySourceProvider entropyProvider = createCoreEntropySourceProvider ();
464472 bytesRequired = (bitsRequired + 7 ) / 8 ;
465473 // remember for the seed generator we need the correct security strength for SHA-512
466- entropySource = new SignallingEntropySource (entropyDaemon , seedAvailable , entropyProvider , 256 );
474+ entropySource = new SignallingEntropySource (entropyDaemon , seedAvailable , entropyProvider , get256BitsEffectiveEntropySize () );
467475 drbg = new SP800SecureRandomBuilder (new EntropySourceProvider ()
468476 {
469477 public EntropySource get (final int bitsRequired )
@@ -592,7 +600,7 @@ private static class OneShotHybridEntropySource
592600 EntropySourceProvider entropyProvider = createCoreEntropySourceProvider ();
593601 bytesRequired = (bitsRequired + 7 ) / 8 ;
594602 // remember for the seed generator we need the correct security strength for SHA-512
595- entropySource = new OneShotSignallingEntropySource (seedAvailable , entropyProvider , 256 );
603+ entropySource = new OneShotSignallingEntropySource (seedAvailable , entropyProvider , get256BitsEffectiveEntropySize () );
596604 drbg = new SP800SecureRandomBuilder (new EntropySourceProvider ()
597605 {
598606 public EntropySource get (final int bitsRequired )
0 commit comments