-
CSR
-
Resolution: Approved
-
P4
-
None
-
minimal
-
The change is to a javadoc message to more accurately reflect behavior already existing in this method.
-
Java API
-
SE
Summary
The setSeed(long) method in SecureRandom should have a paragraph similar to one that already appears in setSeed(byte[]), cautioning that the value specified should have sufficient entropy for a call to nextBytes in immediate succession.
Problem
See Summary (above).
Solution
The javadoc was updated to include the additional paragraph to setSeed(long) as it appears in setSeed(byte[])
Specification
diff --git a/src/java.base/share/classes/java/security/SecureRandom.java b/src/java.base/share/classes/java/security/SecureRandom.java
index faedb7ffb969..bc5cf0693828 100644
--- a/src/java.base/share/classes/java/security/SecureRandom.java
+++ b/src/java.base/share/classes/java/security/SecureRandom.java
@@ -725,6 +725,11 @@ public void setSeed(byte[] seed) {
* in the given {@code long seed}. The given seed supplements,
* rather than replaces, the existing seed. Thus, repeated calls
* are guaranteed never to reduce randomness.
+ * <p>
+ * A PRNG {@code SecureRandom} will not seed itself automatically if
+ * {@code setSeed} is called before any {@code nextBytes} or {@code reseed}
+ * calls. The caller should make sure that the {@code seed} argument
+ * contains enough entropy for the security of this {@code SecureRandom}.
*
* <p>This method is defined for compatibility with
* {@code java.util.Random}.- csr of
-
JDK-8220732 setSeed(long) java api doc is missing warning about provided seed quality
-
- Resolved
-