This is an automated email from the ASF dual-hosted git repository.

papegaaij pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/wicket.git


The following commit(s) were added to refs/heads/master by this push:
     new ac966ee  WICKET-6730: replaced SecureRandom.getStrongInstance() by 
SHA1PRNG due to performance
ac966ee is described below

commit ac966ee03438a9f144c281e101b51b88b9101a24
Author: Emond Papegaaij <emond.papega...@topicus.nl>
AuthorDate: Wed Jan 22 21:51:25 2020 +0100

    WICKET-6730: replaced SecureRandom.getStrongInstance() by SHA1PRNG due to 
performance
---
 .../apache/wicket/core/random/DefaultSecureRandomSupplier.java    | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git 
a/wicket-core/src/main/java/org/apache/wicket/core/random/DefaultSecureRandomSupplier.java
 
b/wicket-core/src/main/java/org/apache/wicket/core/random/DefaultSecureRandomSupplier.java
index cb00235..b8168b3 100644
--- 
a/wicket-core/src/main/java/org/apache/wicket/core/random/DefaultSecureRandomSupplier.java
+++ 
b/wicket-core/src/main/java/org/apache/wicket/core/random/DefaultSecureRandomSupplier.java
@@ -22,7 +22,11 @@ import java.security.SecureRandom;
 import org.apache.wicket.WicketRuntimeException;
 
 /**
- * A very simple {@link ISecureRandomSupplier} that holds a strong {@code 
SecureRandom}.
+ * A very simple {@link ISecureRandomSupplier} that holds a {@code 
SecureRandom} using
+ * {@code SHA1PRNG}. This {@code SecureRandom} is strong enough for generation 
of nonces with a
+ * short lifespan, but might not be strong enough for generating long-lived 
keys. When your
+ * application has stronger requirements on the random implementation, you 
should replace this class
+ * by your own implementation.
  * 
  * @author papegaaij
  */
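Review bot: The new class Javadoc describes the weaker guarantee but not why it was accepted, so a later maintainer could switch back to the strong instance without knowing what that costs. The commit title gives performance as the reason, and the comment should say so, for example `{@code SecureRandom.getInstanceStrong()} is deliberately not used here because obtaining strong random data can be slow or block (WICKET-6730).` The phrase "replace this class by your own implementation" would also be clearer as `provide your own {@link ISecureRandomSupplier}`, since that is the interface the class implements.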
@@ -34,7 +38,7 @@ public class DefaultSecureRandomSupplier implements 
ISecureRandomSupplier
        {
                try
                {
-                       random = SecureRandom.getInstanceStrong();
+                       random = SecureRandom.getInstance("SHA1PRNG");
                }
                catch (NoSuchAlgorithmException e)
                {
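Review bot: The hard-coded name in `SecureRandom.getInstance("SHA1PRNG")` ties the default supplier to runtimes whose security providers ship that algorithm; where none does, construction lands in the `NoSuchAlgorithmException` branch, whose body lies outside this hunk, as does the start of the constructor. SHA1PRNG also derives its whole output stream from the state it was seeded with and, as far as I know, the JDK does not reseed it afterwards, so holding one instance for the lifetime of the application deserves an explicit comment. If the aim is only to avoid the blocking strong source, `random = new SecureRandom();` picks the platform's preferred implementation, which is normally non-blocking for `nextBytes`, and declares no checked exception. Failing that, falling back to it in the catch block would keep application start-up from failing.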
