100218: BigInteger staticRandom field
Joe Darcy
joe.darcy at oracle.com
Tue Jan 10 07:19:59 UTC 2012
Hello,
Catching up on email after the holidays...
On 01/05/2012 09:58 AM, Doug Lea wrote:
> On 01/05/12 01:02, Bill Pugh wrote:
>
>> So I think the right thing to do is to abandon the original patch,
>> and instead
>> make the following changes:
>>
>> * add the following method to BigInteger public boolean
>> *isProbablePrime*(int certainty, Random end) , which allows
>> primality
>> testing with arbitrary Random objects. In many cases, using a
>> well seeded
>> normal Random object will work just fine, and this will give
>> users the
>> ability to provide their own Random objects
>> * Document SecureRandom to note that all instances of
>> SecureRandom depend on
>> a common shared source of randomness, and thus it can be a
>> concurrency
>> bottlenck.
>> * Document that BigInteger.*isProbablePrime*(int certainty) is a
>> concurrency
>> bottleneck.
>
> This all sounds perfect to me.
> Joe Darcy - do you have any thoughts?
Hmmm. While the API changes appear fine at first, I'm a bit concerned
about how to make isProbablePrime*(int certainty, Random end) suitably
robust against possibly adversarial sources of randomness (all zeros,
all ones, etc.) The number-theoretic primarily tests used by the
existing isProbablePrime(int) rely on a good source of random bits; I'd
have to research what the weakest assumptions on the source of
randomness are for the existing checks to still be valid.
I think informative (not normative) notes in the javadoc on the latter
two points would be fine.
Cheers,
-Joe
More information about the core-libs-dev
mailing list