SecureRandom is unfortunatelly pretty complex. It is interpreting the seed
url in some way (the configuration you mentioned behave very special since
Java 6) , it is mixing seed and continues data and it reorders the
implementations used.
JEP 123 intended to clear things, but getInstanceStrong()
I am out of the office until 22/07/2014.
I will take leave from 14th, July, and will be back on 22nd, July.
Please contact Tianyu Tang/Singapore/IBM or Ke Pi/Singapore/IBM for Java
Security L3 work.
Best regards,
Feng Zhemin
Note: This is an automated response to your message "security-dev
Can someone summarize what happened?
SecureRandom used to get entropy from /dev/random, which is configurable
through a policy file to /dev/urandom. Has this changed?
Alex
On 12/07/2014 00:33, Martin Buchholz wrote:
Thanks to Peter for digging into the secure seed generator classes and
comin
Looking to backport this change to jdk7u-dev. Best security practice
would be to lower the preference ordering of RC4 ciphersuites. This is
work that's already in progress for JDK 8u and JDK 9.
For JDK 7u, I'd also like to introduce a compatibility flag which will
reverse this change in case l
Hi Sean, Alex
Here's a sum-up post:
http://mail.openjdk.java.net/pipermail/security-dev/2014-June/010700.html
Regards, Peter
On 07/14/2014 04:44 PM, Sean Mullan wrote:
I don't see a pointer to the webrev/patch -- did you forget to include
it?
--Sean
On 07/11/2014 07:33 PM, Martin Buchholz
Hello!
It was reported that trying to use DIRECT as the preferred protocol
results in the CardException to get thrown under MacOSX.
It turn out to be a problem of pcscd-lite implementation of the API:
From the source code [1] it can be seen that the SCardConnect()
function expects its argument
I don't see a pointer to the webrev/patch -- did you forget to include it?
--Sean
On 07/11/2014 07:33 PM, Martin Buchholz wrote:
Thanks to Peter for digging into the secure seed generator classes and
coming up with a patch. Openjdk security folks, please review. I confess
to getting lost when
