harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leo Li" <liyilei1...@gmail.com>
Subject [classlib][security]SecureRandom will seed itself before the first call to nextBytes if it has not been seeded?
Date Thu, 07 Jun 2007 02:11:28 GMT
     I found the spec says, to a non-argument constructor for
SecurityRandom, the SecurityRandom():

    *Note that this instance of SecureRandom has not been seeded. A call to
the setSeed method will seed the SecureRandom object. If a call is not made
to setSeed, the first call to the nextBytes method will force the
SecureRandom object to seed itself.*
*   *
*   *
But it seems that SecureRandom does not call setSeed before the first call
to nextBytes when it is not seeded.*    *
Here is a testcase:

public class TestSecureRandom {

 public static void main(String[] args) {
  SecureRandom secureRandom = new MockSecureRandom();
  secureRandom.nextBytes(new byte[32]);

class MockSecureRandom extends SecureRandom {
    public synchronized void setSeed(byte[] seed) {
        System.out.println("setSeed called!");
  Which shows that although the secureRandom is not seeded, and when we get
the nextBytes, it is not seeded by setSeed.

  So my question is:
  1. Is the SecureRandom really been seeded?
  2. How is it seeded as spec says?
  3. Is the implementation of SecureRandomSpi that seeds itself?

Good luck!

Leo Li
China Software Development Lab, IBM

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message