commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matt Sicker <boa...@gmail.com>
Subject Re: [lang] Shuffling arrays
Date Fri, 30 Sep 2016 16:34:10 GMT
I thought he meant that if your code works with either Random or
SecureRandom, you're doing it wrong. They both have very different use
cases, and the fact that SecureRandom extends Random contributes to the
confusion.

On 30 September 2016 at 08:02, Emmanuel Bourg <ebourg@apache.org> wrote:

> Le 28/09/2016 à 15:28, Gilles a écrit :
>
> > Conversely, using "SecureRandom" in place of a deterministic
> > RNG is only useful in toy applications since the main feature
> > (of non-secure RNGs) one usually needs is reproducibility.
>
> I guess the Tomcat developers will love hearing they are building a toy
> application :)
>
> https://github.com/apache/tomcat80/blob/TOMCAT_8_0_37/
> java/org/apache/catalina/util/SessionIdGeneratorBase.java#L170
>
>
> > [1] Even the Java architects have indirectly acknowledged that,
> >     by having a new random-related class _NOT_ extend "Random"
> >     (allowing them to drop all the cruft brought by it).
>
> Are you referring to java.security.SecureRandomSpi not extending
> java.util.Random? This is merely a mechanism allowing to plug extra
> implementations, the whole security package is designed around this
> concept. But users only deal with SecureRandom, which extends Random.
>
> Emmanuel Bourg
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
>


-- 
Matt Sicker <boards@gmail.com>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message