JDK-4917421 : SecureRandom spec should explicitly mention true random implementations
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 5.0
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2003-09-04
  • Updated: 2017-05-16
  • Resolved: 2003-09-27
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availabitlity Release.

To download the current JDK release, click here.
5.0 tigerFixed
The spec of the SecureRandom class currently only talks about PRNG implementations. However, the implicit intent of the class is clearly to also allow for implementations where nextBytes() returns true random bytes, as may be possible in some hardware configurations. There are also PRNG implementations that continously reseed themselves as entropy becomes available, such as /dev/urandom available on some Unix versions.

The spec should be enhanced to explicitly mention such implementations.

CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: tiger FIXED IN: tiger INTEGRATED IN: tiger tiger-b22

EVALUATION CCC being filed. ###@###.### 2003-09-05