[concurrency-interest] ThreadLocalRandom clinit troubles

Peter Levart peter.levart at gmail.com
Mon Jul 14 12:59:03 EDT 2014


Hi Sean, Alex

Here's a sum-up post:

http://mail.openjdk.java.net/pipermail/security-dev/2014-June/010700.html

Regards, Peter


On 07/14/2014 04:44 PM, Sean Mullan wrote:
> I don't see a pointer to the webrev/patch -- did you forget to include 
> it?
>
> --Sean
>
> On 07/11/2014 07:33 PM, Martin Buchholz wrote:
>> Thanks to Peter for digging into the secure seed generator classes and
>> coming up with a patch.  Openjdk security folks, please review. I 
>> confess
>> to getting lost whenever I try to orient myself in the twisty maze of 
>> seed
>> generator implementation files.
>>
>> Anyways, it seems important to have prngs like ThreadLocalRandom be 
>> able to
>> get a few bits of seed entropy without loading hundreds of classes and
>> without occupying any file descriptors permanently.  Perhaps at 
>> Google we
>> will go back to writing some simple non-portable startup code to read
>> /dev/urandom until openjdk security team comes up with a more principled
>> solution (but one that doesn't drag in too much machinery).
>>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs.oswego.edu/pipermail/concurrency-interest/attachments/20140714/3321ac59/attachment.html>


More information about the Concurrency-interest mailing list