On Fri, Jan 17, 2020 at 10:57 AM Emond Papegaaij <[email protected]> wrote:
> > > + random = SecureRandom.getInstanceStrong(); > > > > > > > Since we have now CryptingPageStore it is possible that an application > > store some pages with algo X. > > If the application is clustered and rolling upgrade is done with a new > > version of JDK it is possible that the new best strong algo is now Y. > > In this case the application won't be able to decrypt the old pages. > > The implementation of the random source does not matter for encryption > and decryption of pages. The only thing that matters is that the > random source provides secure random data for the keys. > > > > +public interface ISecureRandomSupplier > > > > nit: no need of `public` in interfaces > > I know, but I don't like it when an interface is not public. I never > understood why the public keyword is optional for interfaces anyway. > All interfaces in the JDK are public as well. > I meant the (abstract) methods in the interfaces. They are public implicitly > > I've pushed a commit with the other improvements. I don't know why I > used WicketTester as superclass, it did work :) > Magic! :-) Thank you, Emond! > > Best regards, > Emond >
