-
Bug
-
Resolution: Won't Fix
-
P3
-
7
-
generic
-
generic
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8169871 | 9 | Weijun Wang | P3 | Closed | Fixed | b147 |
I have a question about the JCA SecureRandom API/SPI. The javadoc is
silent on the issue, but I wonder if there is an implied requirement
for reentrancy/thread-safety for either the API or implementations of the
SPI for nextBytes()? Would be nice if calling code didn't need to
synchronize calls to nextBytes(), but in the absence if doc either way
it seems safest to do so -- most PRNGs depend on internal state, and it
seems likely that incorrect updating of that state could cause the
resulting output stream to become more predictable/less random. Is
thread-safety for API/SPI documented anywhere? Is it undefined?
Should a future version of JSE specify this?
silent on the issue, but I wonder if there is an implied requirement
for reentrancy/thread-safety for either the API or implementations of the
SPI for nextBytes()? Would be nice if calling code didn't need to
synchronize calls to nextBytes(), but in the absence if doc either way
it seems safest to do so -- most PRNGs depend on internal state, and it
seems likely that incorrect updating of that state could cause the
resulting output stream to become more predictable/less random. Is
thread-safety for API/SPI documented anywhere? Is it undefined?
Should a future version of JSE specify this?
- backported by
-
JDK-8169871 SecureRandom should be more explicit about threading
-
- Closed
-
- duplicates
-
-
- Closed
-
- relates to
-
-
- Closed
-