> On May 9, 2016, at 4:22 AM, Michael StJohns <mstjo...@comcast.net> wrote:
>
> Does anyone else think there's something wrong with SecureRandom being
> serializable? In general, the internal state of a random number generator
> shouldn't be extract-able or even savable.

You are right. That's why we decided to make DRBG not so serializable. Settings are saved but not the internal states.

--Max

>
> I realize this behavior has probably been in the class since the beginning -
> but I hadn't actually read this code until I saw the review request.
>
> Mike
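
Added example (not part of the original thread, and not JDK or project code): a Java check of the distinction discussed above, comparing what a serialized copy of a legacy SHA1PRNG instance and a serialized copy of a DRBG instance produce next to the original. It assumes the `java.security.DrbgParameters` API as shipped in JDK 9 and later and a default provider that supplies both algorithms; the class and method names are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.security.DrbgParameters;
import java.security.SecureRandom;
import java.util.Arrays;

// Hypothetical demo class; assumes JDK 9+ with the default "SHA1PRNG" and "DRBG" providers.
public class SerializedRandomDemo {

    // Round-trip a SecureRandom through Java serialization, entirely in memory.
    static SecureRandom roundTrip(SecureRandom sr) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(sr);
        }
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return (SecureRandom) in.readObject();
        }
    }

    // True if the deserialized copy emits the same bytes the original emits next,
    // i.e. the generator's internal state travelled with the serialized form.
    static boolean copyRepeatsOriginal(SecureRandom sr) throws Exception {
        sr.nextBytes(new byte[8]);          // force seeding so there is state to copy
        SecureRandom copy = roundTrip(sr);
        byte[] fromOriginal = new byte[32];
        byte[] fromCopy = new byte[32];
        sr.nextBytes(fromOriginal);
        copy.nextBytes(fromCopy);
        return Arrays.equals(fromOriginal, fromCopy);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom sha1 = SecureRandom.getInstance("SHA1PRNG");
        SecureRandom drbg = SecureRandom.getInstance("DRBG",
            DrbgParameters.instantiation(128, DrbgParameters.Capability.RESEED_ONLY, null));

        System.out.println("SHA1PRNG copy repeats original: " + copyRepeatsOriginal(sha1));
        System.out.println("DRBG copy repeats original:     " + copyRepeatsOriginal(drbg));
        // The instantiation settings are what the DRBG is expected to carry across.
        System.out.println("DRBG settings after round trip: " + roundTrip(drbg).getParameters());
    }
}
```

A generator whose copy repeats the original is one whose serialized bytes have to be protected like key material.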