I support Peter at al's plan to add an API that ThreadLocalRandom et al can
use to get some system entropy without unbounded class dependency loading.
It should not surprise anyone that at Google, we are most interested in
running on Linux, so while we're waiting for a proper fix to happen we are
SecureRandom is unfortunatelly pretty complex. It is interpreting the seed
url in some way (the configuration you mentioned behave very special since
Java 6) , it is mixing seed and continues data and it reorders the
implementations used.
JEP 123 intended to clear things, but getInstanceStrong()
Can someone summarize what happened?
SecureRandom used to get entropy from /dev/random, which is configurable
through a policy file to /dev/urandom. Has this changed?
Alex
On 12/07/2014 00:33, Martin Buchholz wrote:
Thanks to Peter for digging into the secure seed generator classes and
comin
