I'm using SecureRandom with SHA1PRNG to generate a random sequence. I won't let SecureRandom seed itself, I'm using my own values to seed it. (Please don't tell me that this is unsafe, I have my reasons for doing this).
However, I don't want anyone to know what seed I used. The seed must remain secret and it shouldn't be possible to recalculate the seed from the random sequence.
Does it make sense to calculate the SHA-512 from my value and seed SecureRandom with it? Or will SecureRandom create a SHA1 hash from the seed itself?
Long story short: Should I seed SecureRandom with "value".getBytes() or with the SHA-512 hash of "value", if I want to keep "value" secret?
Where can I find information how the SHA1PRNG algorithm works?
Security-wise, there isn't any real difference between using a static value, or using the hash of a static value. Since
sha1(x)is always the same value, you've really just traded one static value for a different static value.Either way, if someone goes to the trouble of disassembing your program they're going to find out what seed you're using.