[
https://issues.apache.org/jira/browse/PIRK-2?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15381432#comment-15381432
]
Joseph Witt commented on PIRK-2:
--------------------------------
This looks like a good step forward. Get the explicit provider reference
removed so it will use the default as Tim has done then also optionally allow
it to be specific in those cases where one wishes greater control in behavior
(https://issues.apache.org/jira/browse/PIRK-8). I found this page to explain
the thought process well
https://www.cigital.com/blog/proper-use-of-javas-securerandom/ as it points out
how these things can have interesting behavioral side effects that may be
desirable in different in situations.
> Enhance Pallier acquisition of PRNG provider
> --------------------------------------------
>
> Key: PIRK-2
> URL: https://issues.apache.org/jira/browse/PIRK-2
> Project: PIRK
> Issue Type: Bug
> Reporter: Tim Ellison
> Assignee: Tim Ellison
>
> {{org.apache.pirk.encryption.Pallier}} has a hard coded requirement for the
> {{NativePRNG}} algorithm to be supplied by the {{SUN}} provider. This causes
> the {{test.general.PaillierTest}} to fail on IBM's Java implementation.
> The implementation should allow the provider to be configured by the
> java.security properties of the runtime to allow for provider optimizations,
> etc.
> Furthermore, the instantiation of a provider is relatively (CPU) expensive,
> so reusing the PRNG is preferable to acquiring it each time a value is
> required.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
