RandomCookie problem ?

[Thomas Lußnig]

Hi,

even if the case is with the current time not active. Is it an good idea 
to define an fixed value
for random generator under special conditions that are time depending ?

Gruß Thomas

---

package sun.security.ssl;

     RandomCookie(final SecureRandom sr) {
         final long ts0 = System.currentTimeMillis() / 1000L;
         int ts1;
         if(ts0 < Integer.MAX_VALUE) { ts1 = (int)ts0        ; }
         else *{ ts1 = Integer.MAX_VALUE; }*
         this.random_bytes = new byte[32];
         sr.nextBytes(this.random_bytes);
         this.random_bytes[0] = (byte)(ts1 >> 24);
         this.random_bytes[1] = (byte)(ts1 >> 16);
         this.random_bytes[2] = (byte)(ts1 >> 8);
         this.random_bytes[3] = (byte) ts1;
     }
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20161213/5df666f9/attachment.htm>