harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leo Li" <liyilei1...@gmail.com>
Subject [classlib][security]SecureRandom will seed itself before the first call to nextBytes if it has not been seeded?
Date Thu, 07 Jun 2007 02:11:28 GMT
Hi,
     I found the spec says, to a non-argument constructor for
SecurityRandom, the SecurityRandom():

    *Note that this instance of SecureRandom has not been seeded. A call to
the setSeed method will seed the SecureRandom object. If a call is not made
to setSeed, the first call to the nextBytes method will force the
SecureRandom object to seed itself.*
*   *
*   *
But it seems that SecureRandom does not call setSeed before the first call
to nextBytes when it is not seeded.*    *
Here is a testcase:

public class TestSecureRandom {

 public static void main(String[] args) {
  SecureRandom secureRandom = new MockSecureRandom();
  secureRandom.nextBytes(new byte[32]);
  System.out.println("Succeed!");
 }
}


class MockSecureRandom extends SecureRandom {
    @Override
    public synchronized void setSeed(byte[] seed) {
        System.out.println("setSeed called!");
        super.setSeed(seed);
    }
}
  Which shows that although the secureRandom is not seeded, and when we get
the nextBytes, it is not seeded by setSeed.

  So my question is:
  1. Is the SecureRandom really been seeded?
  2. How is it seeded as spec says?
  3. Is the implementation of SecureRandomSpi that seeds itself?

Thanks.
Good luck!

-- 
Leo Li
China Software Development Lab, IBM

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message