Title: ReleaseNotes-gmr-2.0.0
Text:
Please use OpenJDK-11-JRE or OpenJDK-8-JRE with Linux or Windows operating system.
There is no compatibilty of keys and signatures generated with earlier versions of gmr and this version!
Please generate new keys of at least 4096 bits length and new signatures with this version of GMR and a real (hardware) number generator!
The Java keygeneration mechanism (at least on windows) can be assumed as broken.
(Taken from: http://stackoverflow.com/questions/19119751/java-keytool-the-security-of-generated-keys-with-java-in-general)
Quote: "Update: Oracle seem to have improved some issues with Java 8."
Please use Linux and check the following properties:
1) The configuration of the Security Providers (thus also for SecureRandom) is done in JAVA_HOME/conf/security/java.security. The default is (top of the list): security.provider.1=SUN
2) securerandom.source=file:/dev/random
3) sudo apt-get install rng-tools
important: this software GMR will not work without rng-tools installed on Linux!
4) sudo vim /etc/default/rng-tools
HRNGDEVICE=/dev/random
which is used by default
5) sudo service rng-tools start
6) sudo service rng-tools status
The bottom line: don't use PRNGs when good randomness is needed!
Attachment: Download