[security-dev 00646]: Re: Please review:
Xuelei Fan
Xuelei.Fan at Sun.COM
Tue Mar 3 07:54:58 UTC 2009
Sounds fine to me.
Xuelei
Weijun Wang wrote:
> Xuelei Fan wrote:
>
>> Max,
>>
>> I'm not satisfied with the fix, it try to read the *first* 1024 files in
>> the "java.io.tmpdir", I don't know the order of the iterator of
>> java.nio.file.Path.newDirectoryStream(), but if the order sounds like by
>> name, by creation time, etc. I don't think the randomness is strong enough.
>>
>
> Correct. On a server with too many tmp files not get deleted, the first
> 1024 will always be the same.
>
> New webrev:
> http://cr.openjdk.java.net/~weijun/6705872/webrev.01/
>
> Now I choose the file for random. To be 100% identical to the old codes
> when there are not many files, I always choose the first 512 files.
>
>
>> We talked about the bug around July, 2008 (Subject: SHA1PRNG
>> SecureRandom architecture). Brad suggested remove the java.io.tmpdir
>> stuff completely, while I think maybe we need the randomness of them. We
>> got no conclusion on the discuss.
>>
>> I would prefer remove the stuff now.
>>
>
> Well, I don't know. More random facts bring more randomness, and I dare
> out remove any of them without a theoretical computation.
>
> Thanks
> Max
>
>
>> Thanks,
>> Andrew
>>
>> Weijun Wang wrote:
>>
>>> Hi All
>>>
>>> A code review request for
>>>
>>> 6705872 SecureRandom number init is taking too long
>>> on a java.io.tmpdir with a large number of files.
>>> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6705872
>>>
>>> Webrev is at:
>>>
>>> http://cr.openjdk.java.net/~weijun/6705872/webrev.00/
>>>
>>> The threshold 1024 is a randomly chosen big enough number.
>>>
>>> Thanks
>>> Max
>>>
>>>
More information about the security-dev
mailing list