Inquiry about DRBG algorithm backing Conscrypt's OpenSSLRandom.


Hawoon An

Aug 15, 2024, 10:44:12 PM
to conscrypt
Hello,
Currently, Conscrypt's org.conscrypt.OpenSSLProvider seems to support only the SHA1PRNG algorithm for the provider's SecureRandom, implemented as org.conscrypt.OpenSSLRandom.
SHA-1 is now broken and deprecated, with NIST aiming to phase out the algorithm by 2030. 

Upon my inspection of Conscrypt's code, I have noticed that OpenSSLRandom makes a call to natively-compiled BoringSSL's RAND_bytes, which is backed by FIPS certified AES CTR DRBG.

This is much more secure than SHA1PRNG, and would be strong enough to be used beyond the 2030 sunset date. I can only guess that this down-labeling of security must have been done due to compatibility issues.

Here are my questions:
1. Am I correct in thinking that Conscrypt OpenSSLRandom uses BoringSSL's AES CTR DRBG?
2. Do you have plans to add another duplicate SecureRandom implementation explicitly specifying AES CTR DRBG in the future?

Thank you very much in advance.
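To reproduce the observation in the post, the following added example (not Conscrypt's own code) lists every SecureRandom algorithm each installed JCA provider registers, then requests SHA1PRNG explicitly from the Conscrypt provider so the returned implementation class can be inspected. It assumes the Conscrypt JAR is on the classpath and that the provider is installed via org.conscrypt.Conscrypt.newProvider() under its default provider name "Conscrypt".

```java
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;

// Added example, not part of the original post or of Conscrypt itself.
// Assumes the Conscrypt JAR is on the classpath.
public class ListSecureRandomAlgorithms {
    public static void main(String[] args) throws Exception {
        // Install Conscrypt at the highest priority so it is consulted first
        // (assumed API: Conscrypt.newProvider(), default provider name "Conscrypt").
        Security.insertProviderAt(org.conscrypt.Conscrypt.newProvider(), 1);

        // Walk every provider and print only its SecureRandom services.
        // The class name column shows which implementation backs each algorithm
        // (for Conscrypt this is expected to be org.conscrypt.OpenSSLRandom).
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("SecureRandom".equals(s.getType())) {
                    System.out.printf("%-12s %-24s %s%n",
                            p.getName(), s.getAlgorithm(), s.getClassName());
                }
            }
        }

        // Request the algorithm from the Conscrypt provider by name, so the lookup
        // cannot silently fall through to another provider's SHA1PRNG.
        SecureRandom sr = SecureRandom.getInstance("SHA1PRNG", "Conscrypt");
        System.out.println("Got " + sr.getAlgorithm()
                + " from provider " + sr.getProvider().getName()
                + " backed by " + sr.getClass().getName());

        // Draw a few bytes to confirm the instance is usable.
        byte[] buf = new byte[16];
        sr.nextBytes(buf);
    }
}
```

The algorithm string a provider registers is only a label: the printed class name, not the name "SHA1PRNG", is what tells you which generator actually produces the bytes.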