-
Bug
-
Resolution: Fixed
-
P3
-
9
-
b123
From looking at the code, it looks like the implementation treats any value for the strength parameter that is < 0 as a default strength.
In that case, I think the API should be updated to specify that. In fact, it is currently underspecified since it does not say how values < -1 are handled. However, it may be more reasonable to throw IllegalArgumentException if the strength parameter is < -1.
This affects the instantiation and nextBytes methods which both take a strength parameter.
In that case, I think the API should be updated to specify that. In fact, it is currently underspecified since it does not say how values < -1 are handled. However, it may be more reasonable to throw IllegalArgumentException if the strength parameter is < -1.
This affects the instantiation and nextBytes methods which both take a strength parameter.
- relates to
-
JDK-8051408 JEP 273: DRBG-Based SecureRandom Implementations
-
- Closed
-