When developing high-security apps using hardware-based encryption on Android, it's nice to have the Keystore API for encryption functionality. However, when needing to use random values, it seems like the recommended way to do it is to use the SecureRandom class, which seems to be a software-based solution.

How is it that it doesn't seem to be possible to have hardware secure random numbers on Android, taking advantage of the hardware-based solution for encryption that already exists?

sgaleta
  • I'm not sure if the keystore is actually using a better source of random numbers, so much as it's just a separate chip with its own storage such that even if you root the device you can't access it directly. Consumer devices aren't too likely to have really good random number generators in hardware, just not a lot of demand for it. – Gabe Sechan Sep 12 '22 at 15:13
  • @GabeSechan when looking at the documentation for the [Keystore API](https://developer.android.com/training/articles/keystore), it specifies that one of the benefits of the hardware security module is "A true random-number generator." This is what I would like to have access to. – sgaleta Sep 13 '22 at 18:05
  • There is no access to it. It's a separate hardware chip with a limited API to it, in order to make sure the data on it is cryptographically secure. You can't access its random number generator. If it actually has one - there's actually no promise of that, just that it's a separate chip. How it generates its random numbers is implementation specific. – Gabe Sechan Sep 13 '22 at 18:28

0 Answers