Hi,
this choice is even better than the current version. Because than the
default system wide
secure random provider is used.
Gruß Thomas
On 3/27/2018 12:23 AM, Jamil Nimeh wrote:
Another thought on #2: Another way we could go with this is to create
a new SecureRandom() or use JceSecurity.RANDOM when the random
parameter is null. That would make init(op, key, random) and init(op,
key) behave the same when random is null. You would always get a
random nonce in these two forms. I may go that direction since
there's an established behavior for when no SecureRandom is provided
through Cipher.init(int, Key).
--Jamil
