Thanks Endre - that's an interesting account.
To generate the random seed I used the current system time, the running
time of the current process and an address of a local variable allocated
with the port library equivalent of malloc. I found that, although
fairly simple, this produced a good variety of seeds. I deliberately
avoided using the JNIEnv, jclass, jbytearray and jint addresses passed
as parameters to the function as I found they were often consistent
between runs.
If anyone has suggestions on improvements to the seed selection, they
would be gratefully received. A patch with the improvements in would be
even more gratefully received ;)
Regards,
Oliver
Endre Stølsvik wrote:
Yuri Dolgov wrote:
I had a little experience in this. I used several rdtsc values, local
and
JNI variables
addresses, java memory info and nanotime value.
Once upon a time, I also had the great idea to seed a random number
generator by using the hashCode() (they say it is the "address" of the
object on many JVMs) of some specific object.
However, by pretty much pure luck, I tested out a bit-print method
(basically, toBinaryString()) on the first random number that the
system made. And what do you know - it was the same every time I
started the web application! It soon hit me that of course it would
be: starting up big old Tomcat and this rather heavy application would
nevertheless be very deterministic: the sequence of objects created
will be exactly the same every single time - including the hashCode()
of that particular object I used. I guess the same can happen for
local addresses too.
Please be careful when creating and seeding _secure_ system random
number generators - they ought to be pretty random!
Kind regards,
Endre.
--
Oliver Deakin
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
