Design review: JEP 273: DRBG-Based SecureRandom Implementations
Sean Mullan
sean.mullan at oracle.com
Thu Nov 12 15:23:47 UTC 2015
Hi Max,

Still reviewing, but a couple of initial comments ..

On 11/09/2015 09:54 AM, Wang Weijun wrote:
> Hi All
>
> The following is API/SPI to support NIST 800-90A DRBGs. The JEP is at
>
> https://bugs.openjdk.java.net/browse/JDK-8051408
>
> Some notes before the text:
>
> 1. Mainly, new methods are added to SecureRandom to match DRBG functions:
>
> - configure: choosing the algorithms and parameters

What happens if configure is called more than once, or simultaneously by
more than one thread?

Instead of a configure method, I would suggest adding new getInstance
methods that take an AlgorithmParameterSpec. This should simplify the
implementation.

I also think it might be cleaner and simpler to make EntropyInput an
input parameter of DrbgSpec so that you could have a single
AlgorithmParameterSpec parameter (instead of an AlgParamSpec and
EntropyInput) for the getInstance method.

--Sean
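
An added illustration, not part of the original message or the JEP draft under review: the "parameters at getInstance" shape discussed above, written against the java.security.DrbgParameters API as it exists in JDK 9 and later (where the parameter type is SecureRandomParameters). The class name and personalization string are constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.DrbgParameters;
import java.security.DrbgParameters.Capability;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

// Hypothetical class name; requires JDK 9 or later.
public class DrbgGetInstanceExample {
    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed personalization string for this example.
        byte[] personalization =
                "example-app/session-keys".getBytes(StandardCharsets.UTF_8);

        // Strength, capability and personalization are fixed in one
        // immutable object and handed over at creation time. There is no
        // later configure() call, so nothing can re-parameterize the DRBG
        // while another thread is inside nextBytes().
        DrbgParameters.Instantiation params = DrbgParameters.instantiation(
                256, Capability.PR_AND_RESEED, personalization);
        SecureRandom drbg = SecureRandom.getInstance("DRBG", params);

        // The effective parameters can be read back, not modified.
        System.out.println("effective parameters: " + drbg.getParameters());

        // Per-call options (strength, prediction resistance, additional
        // input) travel with the call itself instead of changing the
        // state of the shared instance.
        byte[] key = new byte[32];
        drbg.nextBytes(key, DrbgParameters.nextBytes(256, true, null));

        // Reseeding is an explicit operation on the instantiated DRBG.
        drbg.reseed();
        System.out.println("generated " + key.length + " bytes");
    }
}
```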