Sorry for the late reply. I was offline for a few days. More below ...
Craig R. McClanahan wrote:
[snip]
> DECISION 1 - WHAT SEEDING MECHANISMS SHOULD WE SUPPORT?
>
> (1A) Default seeding of java.security.SecureRandom (time consuming but
> reasonably secure)
>
> (1B) Current mechanis
"Craig R. McClanahan" wrote:
>
> Christopher Cain has raised some concerns (both in private email and
> publicly on this list) regarding the initialization of pseudo random
> number generators (PRNGs) used to calculate session id values. We need to
> have a quick discussion about this, to determ
> BACKGROUND:
> * An optional entropy-increasing string value that you can specify
> in your "conf/server.xml" file, like this:
>
>
> ...
>
> ...
>
>
> If no entropy property is specified, a default (and therefore
> predictable) entropy string is used.
>
>
Christopher Cain has raised some concerns (both in private email and
publicly on this list) regarding the initialization of pseudo random
number generators (PRNGs) used to calculate session id values. We need to
have a quick discussion about this, to determine whether we want to change
the curren