ThreadLocalRandom clinit troubles (original) (raw)

Peter Levart peter.levart at gmail.com
Mon Jul 14 16:59:03 UTC 2014

• Previous message: ThreadLocalRandom clinit troubles
• Next message: [concurrency-interest] ThreadLocalRandom clinit troubles
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Sean, Alex

Here's a sum-up post:

http://mail.openjdk.java.net/pipermail/security-dev/2014-June/010700.html

Regards, Peter

On 07/14/2014 04:44 PM, Sean Mullan wrote:

I don't see a pointer to the webrev/patch -- did you forget to include it?

--Sean On 07/11/2014 07:33 PM, Martin Buchholz wrote: Thanks to Peter for digging into the secure seed generator classes and coming up with a patch. Openjdk security folks, please review. I confess to getting lost whenever I try to orient myself in the twisty maze of seed generator implementation files.

Anyways, it seems important to have prngs like ThreadLocalRandom be able to get a few bits of seed entropy without loading hundreds of classes and without occupying any file descriptors permanently. Perhaps at Google we will go back to writing some simple non-portable startup code to read /dev/urandom until openjdk security team comes up with a more principled solution (but one that doesn't drag in too much machinery).

• Previous message: ThreadLocalRandom clinit troubles
• Next message: [concurrency-interest] ThreadLocalRandom clinit troubles
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the core-libs-dev mailing list