I'm not convinced about this one. If we need secure entropy, we get it from Yarrow. Is this test code, or is it actually used? Have we been using Random() all along when we could have been using Yarrow, or is this only used for testing purposes?
On Thu, Nov 16, 2006 at 09:41:21PM +0000, [EMAIL PROTECTED] wrote:
> Author: nextgens
> Date: 2006-11-16 21:41:20 +0000 (Thu, 16 Nov 2006)
> New Revision: 10958
>
> Modified:
> trunk/freenet/src/freenet/crypt/DSA.java
> Log:
> use SecureRandom insteed of Random in DSASignature (thanks to UniquePerson)
>
> Modified: trunk/freenet/src/freenet/crypt/DSA.java
> ===================================================================
> --- trunk/freenet/src/freenet/crypt/DSA.java 2006-11-16 21:38:12 UTC (rev
> 10957)
> +++ trunk/freenet/src/freenet/crypt/DSA.java 2006-11-16 21:41:20 UTC (rev
> 10958)
> @@ -4,7 +4,7 @@
> package freenet.crypt;
>
> import java.math.BigInteger;
> -import java.util.Random;
> +import java.util.SecureRandom;
>
> import freenet.support.Logger;
>
> @@ -63,7 +63,7 @@
> BigInteger s=kInv.multiply(s1).mod(g.getQ());
> if((r.compareTo(BigInteger.ZERO) == 0) ||
> (s.compareTo(BigInteger.ZERO) == 0)) {
> Logger.normal(DSA.class, "R or S equals 0 : Weird
> behaviour detected, please report if seen too often.");
> - return sign(g, x, r, generateK(g, new Random()), m);
> + return sign(g, x, r, generateK(g, new SecureRandom()),
> m);
> }
> return new DSASignature(r,s);
> }
>
> _______________________________________________
> cvs mailing list
> cvs@freenetproject.org
> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/cvs
>
signature.asc
Description: Digital signature
_______________________________________________ Devl mailing list Devl@freenetproject.org http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
