SecureRandom serializable?? was: Re: RFR 8154523: SHA1PRNG output should change after reset
Michael StJohns
mstjohns at comcast.net
Sun May 8 20:22:46 UTC 2016
Does anyone else think there's something wrong with SecureRandom being
serializable? In general, the internal state of a random number
generator shouldn't be extractable or even saveable.

I realize this behavior has probably been in the class since the
beginning - but I hadn't actually read this code until I saw the review
request.

Mike

On 5/8/2016 9:06 AM, Wang Weijun wrote:
> Ping again.
>
>> On May 3, 2016, at 10:26 AM, Wang Weijun <weijun.wang at oracle.com> wrote:
>>
>> Hi All
>>
>> Please take a review at
>>
>> http://cr.openjdk.java.net/~weijun/8154523/webrev.00
>>
>> Basically, a reset in SHA1PRNG should forget the internal state and cached output.
>>
>> Thanks
>> Max
>>
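
The concern raised in this message, as an added example that is not part of the original thread or of the JDK sources: a Java serialization round trip of a seeded SHA1PRNG instance yields a second generator carrying the same internal state, and a holder class can avoid persisting that state by marking the field transient. `SecureRandomSerializationDemo`, `roundTrip` and `TokenIssuer` are hypothetical names, and the example assumes a JDK whose SHA1PRNG provider implementation is serializable.

```java
import java.io.*;
import java.security.SecureRandom;
import java.util.Arrays;

public class SecureRandomSerializationDemo {

    // Serialize and deserialize an object entirely in memory.
    static Object roundTrip(Object o) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(buf.toByteArray()))) {
            return in.readObject();
        }
    }

    // Hypothetical application class: keeps the generator out of its serialized form.
    static class TokenIssuer implements Serializable {
        private static final long serialVersionUID = 1L;
        private transient SecureRandom rng = new SecureRandom();

        byte[] next(int n) { byte[] b = new byte[n]; rng.nextBytes(b); return b; }

        private void readObject(ObjectInputStream in)
                throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            rng = new SecureRandom(); // fresh, independently seeded generator
        }
    }

    public static void main(String[] args) throws Exception {
        SecureRandom original = SecureRandom.getInstance("SHA1PRNG");
        original.nextBytes(new byte[16]); // force self-seeding before the snapshot

        // The copy carries the generator state that was written to the stream.
        SecureRandom copy = (SecureRandom) roundTrip(original);
        byte[] a = new byte[16], b = new byte[16];
        original.nextBytes(a);
        copy.nextBytes(b);
        System.out.println("serialized copy repeats output: " + Arrays.equals(a, b));

        // The holder re-creates its generator on deserialization instead.
        TokenIssuer issuer = new TokenIssuer();
        TokenIssuer restored = (TokenIssuer) roundTrip(issuer);
        System.out.println("transient holder repeats output: "
                + Arrays.equals(issuer.next(16), restored.next(16)));
    }
}
```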