- Type: Bug
- Resolution: Fixed
- Priority: P3
- Affects Version/s: 9
- Component/s: security-libs
- b123
From looking at the code, it looks like the implementation treats any value for the strength parameter that is < 0 as a default strength.
In that case, I think the API should be updated to specify that. In fact, it is currently underspecified since it does not say how values < -1 are handled. However, it may be more reasonable to throw IllegalArgumentException if the strength parameter is < -1.
This affects the instantiation and nextBytes methods which both take a strength parameter.
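To see how a given runtime handles the strength values discussed above, the following added example (not part of the bug report or of the JDK sources) calls `DrbgParameters.instantiation` and `DrbgParameters.nextBytes` with several strengths and reports whether each is accepted or rejected. The class name `StrengthProbe` and the sample strengths are constructed for illustration; it needs JDK 9 or later.

```java
import java.security.DrbgParameters;
import java.security.DrbgParameters.Capability;
import java.security.SecureRandom;

// Hypothetical probe class; it reports behaviour rather than assuming one.
public class StrengthProbe {

    // Outcome of DrbgParameters.instantiation(strength, NONE, null).
    static String probeInstantiation(int strength) {
        try {
            DrbgParameters.Instantiation p =
                    DrbgParameters.instantiation(strength, Capability.NONE, null);
            return "accepted, getStrength()=" + p.getStrength();
        } catch (IllegalArgumentException e) {
            return "rejected: " + e;
        }
    }

    // Outcome of DrbgParameters.nextBytes(strength, false, null).
    static String probeNextBytes(int strength) {
        try {
            DrbgParameters.NextBytes p =
                    DrbgParameters.nextBytes(strength, false, null);
            return "accepted, getStrength()=" + p.getStrength();
        } catch (IllegalArgumentException e) {
            return "rejected: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples: below -1, the -1 default marker, zero, explicit.
        int[] samples = {-2, -1, 0, 128};
        for (int s : samples) {
            System.out.printf("strength=%4d instantiation: %s%n",
                    s, probeInstantiation(s));
            System.out.printf("strength=%4d nextBytes:     %s%n",
                    s, probeNextBytes(s));
        }

        // Request the default (-1) and read back the strength the DRBG
        // actually selected, so a caller never relies on the raw -1.
        SecureRandom sr = SecureRandom.getInstance("DRBG",
                DrbgParameters.instantiation(-1, Capability.NONE, null));
        DrbgParameters.Instantiation effective =
                (DrbgParameters.Instantiation) sr.getParameters();
        System.out.println("effective strength for -1: "
                + effective.getStrength());
    }
}
```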
- relates to
- JDK-8051408 JEP 273: DRBG-Based SecureRandom Implementations
- Closed