I'm not convinced about this one. If we need secure entropy, we get it from Yarrow. Is this test code, or is it actually used? Have we been using Random() all along when we could have been using Yarrow, or is this only used for testing purposes?
On Thu, Nov 16, 2006 at 09:41:21PM +0000, nextgens at freenetproject.org wrote: > Author: nextgens > Date: 2006-11-16 21:41:20 +0000 (Thu, 16 Nov 2006) > New Revision: 10958 > > Modified: > trunk/freenet/src/freenet/crypt/DSA.java > Log: > use SecureRandom instead of Random in DSASignature (thanks to UniquePerson) > > Modified: trunk/freenet/src/freenet/crypt/DSA.java > =================================================================== > --- trunk/freenet/src/freenet/crypt/DSA.java 2006-11-16 21:38:12 UTC (rev > 10957) > +++ trunk/freenet/src/freenet/crypt/DSA.java 2006-11-16 21:41:20 UTC (rev > 10958) > @@ -4,7 +4,7 @@ > package freenet.crypt; > > import java.math.BigInteger; > -import java.util.Random; > +import java.util.SecureRandom; > > import freenet.support.Logger; > > @@ -63,7 +63,7 @@ > BigInteger s=kInv.multiply(s1).mod(g.getQ()); > if((r.compareTo(BigInteger.ZERO) == 0) || > (s.compareTo(BigInteger.ZERO) == 0)) { > Logger.normal(DSA.class, "R or S equals 0 : Weird > behaviour detected, please report if seen too often."); > - return sign(g, x, r, generateK(g, new Random()), m); > + return sign(g, x, r, generateK(g, new SecureRandom()), > m); > } > return new DSASignature(r,s); > }
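Review bot: The added import in the first hunk (@@ -4,7 +4,7 @@) names a class that does not exist. SecureRandom lives in java.security, not java.util, so `import java.util.SecureRandom;` will not compile. The line should read `import java.security.SecureRandom;`. Since java.security.SecureRandom extends java.util.Random, the `generateK(g, ...)` call in the second hunk can keep its existing parameter type once the import is corrected.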
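Review bot: In the second hunk (@@ -63,7 +63,7 @@), the retry branch builds a fresh `new SecureRandom()` on every pass instead of using a generator supplied by the caller. That leaves the nonce source for this path hard-coded inside `sign` and pays the seeding cost each time the branch is hit. Consider taking the random source as a parameter, or holding one shared instance, so the project's preferred generator can be used here too. It is also worth confirming that passing the same `r` back in is intended: the branch is entered when `r` or `s` is zero, and only the fourth argument is regenerated.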