[
https://issues.apache.org/jira/browse/LANG-1794?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Zhongxin Yan updated LANG-1794:
-------------------------------
Description:
The current JavaDoc for {{RandomUtils.secure()}} states that it “uses an
algorithms/providers specified in the {{securerandom.strongAlgorithms}}
Security property.” This is misleading.
In reality:
* {{RandomUtils.secure()}} uses {{new SecureRandom()}} and does *not* consult
the {{securerandom.strongAlgorithms}} property.
* The {{securerandom.strongAlgorithms}} property is *only used by*
{{{}RandomUtils.secureStrong(){}}}, which internally calls
{{SecureRandom.getInstanceStrong()}} to select a strong algorithm from the
configured security providers
[Github PR|https://github.com/apache/commons-lang/pull/1503]
!image-2025-11-26-23-02-35-854.png|width=562,height=208!
was:
The current JavaDoc for {{RandomUtils.secure()}} states that it “uses an
algorithms/providers specified in the {{securerandom.strongAlgorithms}}
Security property.” This is misleading.
In reality:
* {{RandomUtils.secure()}} uses {{new SecureRandom()}} and does *not* consult
the {{securerandom.strongAlgorithms}} property.
* The {{securerandom.strongAlgorithms}} property is *only used by*
{{{}RandomUtils.secureStrong(){}}}, which internally calls
{{SecureRandom.getInstanceStrong()}} to select a strong algorithm from the
configured security providers
!image-2025-11-26-23-02-35-854.png|width=562,height=208!
> JavaDoc for RandomUtils.secure() incorrectly mentions
> securerandom.strongAlgorithms
> -----------------------------------------------------------------------------------
>
> Key: LANG-1794
> URL: https://issues.apache.org/jira/browse/LANG-1794
> Project: Commons Lang
> Issue Type: Bug
> Components: lang.*
> Affects Versions: 3.20.0
> Reporter: Zhongxin Yan
> Priority: Major
> Attachments: image-2025-11-26-23-02-17-321.png,
> image-2025-11-26-23-02-35-854.png
>
>
>
> The current JavaDoc for {{RandomUtils.secure()}} states that it “uses an
> algorithms/providers specified in the {{securerandom.strongAlgorithms}}
> Security property.” This is misleading.
> In reality:
> * {{RandomUtils.secure()}} uses {{new SecureRandom()}} and does *not*
> consult the {{securerandom.strongAlgorithms}} property.
> * The {{securerandom.strongAlgorithms}} property is *only used by*
> {{{}RandomUtils.secureStrong(){}}}, which internally calls
> {{SecureRandom.getInstanceStrong()}} to select a strong algorithm from the
> configured security providers
> [Github PR|https://github.com/apache/commons-lang/pull/1503]
> !image-2025-11-26-23-02-35-854.png|width=562,height=208!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
