[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug classpath/23899] SecureRandom.next should call nextBytes
From: |
gnu at frogcircus dot org |
Subject: |
[Bug classpath/23899] SecureRandom.next should call nextBytes |
Date: |
19 Apr 2006 11:56:33 -0000 |
------- Comment #12 from gnu at frogcircus dot org 2006-04-19 11:56 -------
You seem to have come to an understanding of the problem in Classpath, which
does indeed appear to be a real bug. I've thus retitled the bug report.
For the sake of completeness, I am including the final reply I got from the
BouncyCastle mailing list, which suggests that this is a problem that will
surface in many other places besides BouncyCastle:
----------------------------------------------------------------------------------
I do believe the javadocs for SecureRandom.nextBytes() are
self-explanatory, and supercede where relevant those of Random. The
override of nextBytes _should_ be called regardless of which particular
method on Random is being used. Googling for examples of code that
extends SecureRandom
(http://www.google.com.au/search?hl=en&q=%22extends+SecureRandom%22+nextBytes&bt
+nG=Google+Search&meta=)
confirms, to my mind, that it is "generally accepted" that overriding
nextBytes is the key to supplying one's own random data, so this
incompatibility is not isolated to BouncyCastle. YMMV.
--
gnu at frogcircus dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|BouncyCastle crypto library |SecureRandom.next should
|errors |call nextBytes
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23899
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Bug classpath/23899] SecureRandom.next should call nextBytes,
gnu at frogcircus dot org <=