harmony-dev mailing list archives

From Endre Stølsvik <En...@stolsvik.com>
Subject Re: [classlib][security] RandomBitsSupplier.getRandomBits() on zOS
Date Tue, 08 Jan 2008 00:35:27 GMT
Yuri Dolgov wrote:
> I had a little experience in this. I used several rdtsc values, local and
> JNI variables addresses, java memory info and nanotime value.

Once upon a time, I also had the great idea to seed a random number 
generator by using the hashCode() (they say it is the "address" of the 
object on many JVMs) of some specific object.

However, by pretty much pure luck, I tested out a bit-print method 
(basically, toBinaryString()) on the first random number that the system 
made. And what do you know - it was the same every time I started the 
web application! It soon hit me that of course it would be: starting up 
big old Tomcat and this rather heavy application would nevertheless be 
very deterministic: the sequence of objects created will be exactly the 
same every single time - including the hashCode() of that particular 
object I used. I guess the same can happen for local addresses too.

Please be careful when creating and seeding _secure_ system random 
number generators - they ought to be pretty random!

Kind regards,
Endre.
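
The restart test described in the message above, as an added example that is not part of the original message or of Harmony's code: it relaunches the JVM several times and counts how many distinct first outputs a generator seeded from `hashCode()` produces, next to the platform-default `SecureRandom`. The class name `SeedRepeatCheck` is hypothetical, and whether the `hashCode()` value repeats depends on the JVM in use.

```java
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.nio.file.Paths;
import java.security.SecureRandom;
import java.util.HashSet;
import java.util.Random;
import java.util.Set;

// Added example; the class name SeedRepeatCheck is hypothetical.
public class SeedRepeatCheck {
    // Child mode: first output of a generator seeded from an object's hashCode(),
    // or of the platform-default SecureRandom for comparison.
    static String firstBits(boolean secure) {
        Random rng = secure ? new SecureRandom() : new Random(new Object().hashCode());
        return Long.toBinaryString(rng.nextLong());
    }

    // Parent mode: restart the JVM `runs` times, collect the distinct first outputs.
    static Set<String> distinctAcrossRestarts(String mode, int runs) throws Exception {
        String java = Paths.get(System.getProperty("java.home"), "bin", "java").toString();
        Set<String> seen = new HashSet<>();
        for (int i = 0; i < runs; i++) {
            Process p = new ProcessBuilder(java, "-cp", System.getProperty("java.class.path"),
                    "SeedRepeatCheck", mode)
                    .redirectError(ProcessBuilder.Redirect.INHERIT).start();
            try (BufferedReader r = new BufferedReader(new InputStreamReader(p.getInputStream()))) {
                seen.add(r.readLine());
            }
            p.waitFor();
        }
        return seen;
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 1) { // child process: print one value and exit
            System.out.println(firstBits(args[0].equals("secure")));
            return;
        }
        int runs = 5;
        for (String mode : new String[] {"hashcode", "secure"}) {
            int distinct = distinctAcrossRestarts(mode, runs).size();
            System.out.printf("%-8s %d distinct first outputs in %d restarts%s%n", mode,
                    distinct, runs, distinct < runs ? "  <-- repeats: unfit as a seed" : "");
        }
    }
}
```

Compile with `javac SeedRepeatCheck.java` and run `java SeedRepeatCheck` with no arguments, so the child launches can find the class on the class path.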
