On 12/13/2016 8:46 AM, Thomas Lußnig wrote:
Hi,
even if the case is with the current time not active. Is it an good idea
to define an fixed value
for random generator under special conditions that are time depending ?
The issue was fixed in JDK 9:
https://bugs.openjdk.java.net/browse/JDK-8046294
Thanks,
Xuelei
Gruß Thomas
---
package sun.security.ssl;
RandomCookie(final SecureRandom sr) {
final long ts0 = System.currentTimeMillis() / 1000L;
int ts1;
if(ts0 < Integer.MAX_VALUE) { ts1 = (int)ts0 ; }
else *{ ts1 = Integer.MAX_VALUE; }*
this.random_bytes = new byte[32];
sr.nextBytes(this.random_bytes);
this.random_bytes[0] = (byte)(ts1 >> 24);
this.random_bytes[1] = (byte)(ts1 >> 16);
this.random_bytes[2] = (byte)(ts1 >> 8);
this.random_bytes[3] = (byte) ts1;
}
