Hello,
Catching up on email after the holidays...
On 01/05/2012 09:58 AM, Doug Lea wrote:
On 01/05/12 01:02, Bill Pugh wrote:
So I think the right thing to do is to abandon the original patch,
and instead
make the following changes:
* add the following method to BigInteger public boolean
*isProbablePrime*(int certainty, Random end) , which allows
primality
testing with arbitrary Random objects. In many cases, using a
well seeded
normal Random object will work just fine, and this will give
users the
ability to provide their own Random objects
* Document SecureRandom to note that all instances of
SecureRandom depend on
a common shared source of randomness, and thus it can be a
concurrency
bottlenck.
* Document that BigInteger.*isProbablePrime*(int certainty) is a
concurrency
bottleneck.
This all sounds perfect to me.
Joe Darcy - do you have any thoughts?
Hmmm. While the API changes appear fine at first, I'm a bit concerned
about how to make isProbablePrime*(int certainty, Random end) suitably
robust against possibly adversarial sources of randomness (all zeros,
all ones, etc.) The number-theoretic primarily tests used by the
existing isProbablePrime(int) rely on a good source of random bits; I'd
have to research what the weakest assumptions on the source of
randomness are for the existing checks to still be valid.
I think informative (not normative) notes in the javadoc on the latter
two points would be fine.
Cheers,
-Joe
