I support Peter's initiative and am willing to help review if we have general consensus about the direction.
From superficial review:

+ int nread = randomStream.read(bytes); + if (nread != bytes.length) { + throw new InternalError("Short read from: " + RANDOM_FILE);

Martin's pet peeve: use readFully (why doesn't InputStream support that yet?!)
copy-paste from elsewhere in the jdk.

---

I'm not sure we need instances that hold on to system resources. any particular call site is likely to do a single read of a small number of random bytes in a clinit method.

On Tue, Dec 2, 2014 at 9:36 AM, Alan Bateman <alan.bate...@oracle.com> wrote:
> On 02/12/2014 16:42, Peter Levart wrote:
>>
>> :
>>
>> Here's a proof of concept for an API that just delegates to
>> system-provided "cryptographically secure" (as declared by the system(s))
>> pseudo random number generator:
>>
>> http://cr.openjdk.java.net/~plevart/jdk9-dev/SystemRandom/webrev.01/
>>
> The API looks reasonable to me too, I'm just not sure that java.util is the
> right place and whether it needs to be a Java SE API.
>
> -Alan
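
Review bot: the `nread != bytes.length` check in the quoted `+` lines treats every short read as fatal, yet `InputStream.read(byte[])` may legitimately return fewer bytes than requested without the stream being exhausted, and returns -1 at end of stream. For a seed source it would be safer to loop until the buffer is full (or wrap the stream and call `DataInputStream.readFully`) and reserve `InternalError` for a real EOF or I/O failure. Including `nread` in the "Short read from: " message would also let a -1 be told apart from a partial read when this fires.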