100218: BigInteger staticRandom field
Doug Lea
dl at cs.oswego.edu
Thu Jan 5 17:58:32 UTC 2012
On 01/05/12 01:02, Bill Pugh wrote:
> So I think the right thing to do is to abandon the original patch, and instead
> make the following changes:
>
> * add the following method to BigInteger public boolean
> *isProbablePrime*(int certainty, Random end) , which allows primality
> testing with arbitrary Random objects. In many cases, using a well seeded
> normal Random object will work just fine, and this will give users the
> ability to provide their own Random objects
> * Document SecureRandom to note that all instances of SecureRandom depend on
> a common shared source of randomness, and thus it can be a concurrency
> bottlenck.
> * Document that BigInteger.*isProbablePrime*(int certainty) is a concurrency
> bottleneck.
This all sounds perfect to me.
Joe Darcy - do you have any thoughts?
> * Add java.util.concurrent.MostlySecureRandom which uses /dev/random for
> seeding, and uses only the SHA1PRNG implementation provided by
> sun.security.provider.SecureRandom to generate subsequent randomness. Feel
> free to pick a name other than MostlySecureRandom. After the initial
> seeding, calls to generate randomness using a MostlySecureRandom should
> not use any shared values.
I think the only question is whether, given low expected usage, it would be
OK just to explain how to do this in some javadoc, and also provide in some
jsr166<n>.extras package.
-Doug
More information about the core-libs-dev
mailing list