olamy commented on issue #590: URL: https://github.com/apache/mina-sshd/issues/590#issuecomment-2322841690
> I'm not a fan of yet another system property. There's too many already. The one for using BCFIPS instead of BC will be complicated to not have.
>
> I see three things:
>
> 1. Why even use a `BouncyCastleRandomFactory` and `BouncyCastleRandom` at all? Why can't we just use Java's own `SecureRandom`?

Definitely agree with that. SecureRandom is even compatible with FIPS. Maybe it would be better to use only the current `JceRandom` but with `SecureRandom.getInstanceStrong()`.

> 2. The `PKCS8PEMResourceKeyPairParser` should be changed such that encrypted keys are parsed in a separate class, and we register that separate parser only if the required BC support is present.

Not sure I follow. Do you mean some new method in `SecurityProviderRegistrar`?

> 3. If we want to make this `RandomFactory` overrideable, use the `ServiceLoader`. If a service can be found for RandomFactory, use that; otherwise fall back to the current code.

I don't have a real need for this, I just need something working when using `BCFIPS`, but I didn't want to break the current code too much. This sounds like a better idea to do it. I have no real strong opinion, but I'm happy to add some `ServiceLoader` to support this. Just let me know.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
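The `ServiceLoader` lookup with fallback proposed in point 3, sketched with JDK classes only. This is an added example, not part of the original comment and not mina-sshd code: `RandomSourceFactory`, `JdkRandomSourceFactory` and `RandomFactoryLookup` are hypothetical names standing in for the project's `RandomFactory`, and failing closed on a broken provider entry is this example's own choice.

```java
import java.security.SecureRandom;
import java.util.ServiceLoader;

public class RandomFactoryLookup {

    /** Hypothetical SPI for this example; not the mina-sshd RandomFactory interface. */
    public interface RandomSourceFactory {
        String name();
        boolean isSupported();
        SecureRandom create();
    }

    /** Fallback when no provider is registered: the JDK's default SecureRandom. */
    static final class JdkRandomSourceFactory implements RandomSourceFactory {
        @Override public String name() { return "jdk-default"; }
        @Override public boolean isSupported() { return true; }
        @Override public SecureRandom create() { return new SecureRandom(); }
    }

    /**
     * Returns the first supported factory listed in
     * META-INF/services/RandomFactoryLookup$RandomSourceFactory on the class path,
     * otherwise the JDK fallback.
     *
     * A provider that is listed but cannot be loaded raises
     * ServiceConfigurationError. It is deliberately not caught here: silently
     * falling back would swap the random source without the operator noticing,
     * which matters when the registered provider is the FIPS-approved one.
     */
    static RandomSourceFactory resolve(ClassLoader loader) {
        for (RandomSourceFactory candidate : ServiceLoader.load(RandomSourceFactory.class, loader)) {
            if (candidate.isSupported()) {
                return candidate;
            }
        }
        return new JdkRandomSourceFactory();
    }

    public static void main(String[] args) {
        RandomSourceFactory factory = resolve(RandomFactoryLookup.class.getClassLoader());
        SecureRandom random = factory.create();
        byte[] nonce = new byte[16];
        random.nextBytes(nonce);
        // Print the chosen source and JCA provider so a deployment can confirm
        // that the expected implementation is in use.
        System.out.println("random source: " + factory.name()
                + ", JCA provider: " + random.getProvider().getName());
    }
}
```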