Marco Hoek created LANG-1750:
--------------------------------

             Summary: Using RandomStringUtils.insecure() still leads to using the secure() random
                 Key: LANG-1750
                 URL: https://issues.apache.org/jira/browse/LANG-1750
             Project: Commons Lang
          Issue Type: Bug
          Components: lang.text.*
    Affects Versions: 3.16.0
            Reporter: Marco Hoek


In RandomStringUtils v3.16, the use of secure() vs insecure() is used to be 
able to choose which random generator to use. However, consider the following 
code path:

a) RandomStringUtils.insecure().nextAlphanumeric(length)

leads to the instance method 'nextAlphanumeric', which in turn calls:

b) static method RandomStringUtils.random(count, true, true)

which in turn calls

c) static method RandomStringUtils.secure().next(count, letters, numbers)

 

Conclusion: where I want to use the "insecure" option path, I end up having the 
call forwarded to the "secure" random provider anyway. Where I then run into 
the problem of having too low entropy and experiencing terrible performance.... 
(see LANG-1748)
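
The call path a) to c) reported above, reduced to a stand-alone Java model with draw counters that show which generator is actually consumed. This is an added example, not Commons Lang source and not part of the original report; the class `DelegationModel`, its counters and the `nextAlphanumericReported` / `nextAlphanumericFixed` names are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Random;
import java.util.concurrent.atomic.AtomicInteger;

// Simplified model of the reported delegation; hypothetical names, not the library's code.
public class DelegationModel {
    static final AtomicInteger SECURE_DRAWS = new AtomicInteger();
    static final AtomicInteger INSECURE_DRAWS = new AtomicInteger();
    private static final String ALNUM =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

    private static final DelegationModel SECURE =
        new DelegationModel(new SecureRandom(), SECURE_DRAWS);
    private static final DelegationModel INSECURE =
        new DelegationModel(new Random(), INSECURE_DRAWS);

    private final Random source;
    private final AtomicInteger draws;

    private DelegationModel(Random source, AtomicInteger draws) {
        this.source = source;
        this.draws = draws;
    }

    static DelegationModel secure() { return SECURE; }
    static DelegationModel insecure() { return INSECURE; }

    // Step c): the core generator, bound to this instance's random source.
    String next(int count) {
        StringBuilder sb = new StringBuilder(count);
        for (int i = 0; i < count; i++) {
            draws.incrementAndGet();
            sb.append(ALNUM.charAt(source.nextInt(ALNUM.length())));
        }
        return sb.toString();
    }

    // Step b): static entry point hard-wired to the secure instance.
    static String random(int count) { return secure().next(count); }

    // Step a) as reported: the instance method forwards to the static helper and loses `this`.
    String nextAlphanumericReported(int count) { return random(count); }

    // One way to correct it: stay on the instance so the chosen source is used.
    String nextAlphanumericFixed(int count) { return next(count); }

    public static void main(String[] args) {
        insecure().nextAlphanumericReported(16);
        System.out.printf("reported: secure=%d insecure=%d%n", SECURE_DRAWS.get(), INSECURE_DRAWS.get());
        SECURE_DRAWS.set(0);
        insecure().nextAlphanumericFixed(16);
        System.out.printf("fixed:    secure=%d insecure=%d%n", SECURE_DRAWS.get(), INSECURE_DRAWS.get());
    }
}
```

The same counter check works as a regression test in the other direction: a call made through `secure()` must never register draws on the insecure source.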


