RFR: 8325506: Ensure randomness is only read from provided SecureRandom object
Weijun Wang
weijun at openjdk.org
Fri Feb 9 01:02:54 UTC 2024
On Thu, 8 Feb 2024 20:53:03 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> Many crypto service classes require a `SecureRandom` object at initialization. This test goes through each of them and calculates (generate, encrypt, sign,...) twice with the same `SecureRandom` object and ensures the output is the same.
>
> test/lib/jdk/test/lib/security/SeededSecureRandom.java line 36:
>
>> 34: * system property to this recorded seed to reproduce the failure.
>> 35: */
>> 36: public class SeededSecureRandom extends SecureRandom {
>
> Do you see any value in bringing this "helper class" from test over to the actual public API? Just a suggestion.

Where do you want to use it other than in a test? Besides, it's based on `java.util.Random` and not cryptographically random enough.

-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17776#discussion_r1483753416
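
An added example, not part of the original message and not the JDK test itself: a sketch of the check the quoted PR description outlines, running one operation twice with identically seeded randoms and comparing the outputs. `FixedSeedRandom`, `Operation`, `usesOnlyProvidedRandom` and the seed value are hypothetical names and values chosen for illustration; the stand-in random wraps `java.util.Random`, so it is deterministic and suitable for tests only.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;

public class SameRandomSameOutput {
    // Hypothetical stand-in for the test helper: deterministic and NOT
    // cryptographically secure, so it belongs in tests only.
    static final class FixedSeedRandom extends SecureRandom {
        private final Random source;
        FixedSeedRandom(long seed) { source = new Random(seed); }
        @Override public void nextBytes(byte[] out) { source.nextBytes(out); }
        @Override public byte[] generateSeed(int n) {
            byte[] b = new byte[n];
            source.nextBytes(b);
            return b;
        }
        // The superclass constructor calls setSeed(long) before 'source' is
        // assigned, so reseeding is ignored rather than forwarded.
        @Override public void setSeed(long seed) { }
        @Override public void setSeed(byte[] seed) { }
    }

    interface Operation { byte[] run(SecureRandom random) throws Exception; }

    // Runs the operation twice with identically seeded randoms. A mismatch
    // means some randomness came from a source other than the object passed in.
    static boolean usesOnlyProvidedRandom(Operation op, long seed) throws Exception {
        byte[] first = op.run(new FixedSeedRandom(seed));
        byte[] second = op.run(new FixedSeedRandom(seed));
        return Arrays.equals(first, second);
    }

    public static void main(String[] args) throws Exception {
        long seed = 42L; // constructed sample seed
        Operation aesKeyGen = r -> {
            KeyGenerator kg = KeyGenerator.getInstance("AES");
            kg.init(256, r);
            return kg.generateKey().getEncoded();
        };
        Operation gcmEncrypt = r -> {
            KeyGenerator kg = KeyGenerator.getInstance("AES");
            kg.init(128, r);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            // No IV is supplied, so the provider has to generate one itself.
            c.init(Cipher.ENCRYPT_MODE, kg.generateKey(), r);
            return c.doFinal("constructed sample".getBytes(StandardCharsets.UTF_8));
        };
        System.out.println("AES key generation: " + usesOnlyProvidedRandom(aesKeyGen, seed));
        System.out.println("AES/GCM encryption: " + usesOnlyProvidedRandom(gcmEncrypt, seed));
    }
}
```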