
[Bug crypto/38417] gnu.java.security.util.PRNG produces easily predictab

From: csm at gnu dot org
Subject: [Bug crypto/38417] gnu.java.security.util.PRNG produces easily predictable values
Date: 8 Dec 2008 21:11:41 -0000

------- Comment #8 from csm at gnu dot org  2008-12-08 21:11 -------
This is an artifact from GNU Crypto, and it's something I've always hated about
that part of the code.

We never (I don't think) came up with a good seeding mechanism in GNU Crypto
itself -- the PRNG system supports seeding, of course, but we never came up
with good, automatic seeding. This is really because it depends a lot on the
runtime environment; on *nix, we'd likely go and use /dev/[u]random, and would
do something else on Windows.

gnu.java.security.util.PRNG is kind of a bad idea; code needing random numbers
should use a SecureRandom -- ideally one that can be changed at runtime.


