Hi,
even if the case is with the current time not active. Is it an good idea
to define an fixed value
for random generator under special conditions that are time depending ?
Gruß Thomas
---
package sun.security.ssl;
RandomCookie(final SecureRandom sr) {
final long ts0 = System.currentTimeMillis() / 1000L;
int ts1;
if(ts0 < Integer.MAX_VALUE) { ts1 = (int)ts0 ; }
else *{ ts1 = Integer.MAX_VALUE; }*
this.random_bytes = new byte[32];
sr.nextBytes(this.random_bytes);
this.random_bytes[0] = (byte)(ts1 >> 24);
this.random_bytes[1] = (byte)(ts1 >> 16);
this.random_bytes[2] = (byte)(ts1 >> 8);
this.random_bytes[3] = (byte) ts1;
}
