Hi All Webrev updated again at
http://cr.openjdk.java.net/~weijun/8051408/webrev.11/ http://cr.openjdk.java.net/~weijun/8051408/webrev.11/spec http://cr.openjdk.java.net/~weijun/8051408/webrev.11/specdiff Changes since webrev.10: - DRBG's generateSeed() will directly read from securerandom.source and does not have the synchronized modifier anymore. This is the same as SHA1PRNG. - new Capability methods boolean supportsReseeding() and boolean supportsPredictionResistance() - The "drbg" security property is renamed to "securerandom.drbg.config". - SecureRandom#nextBytes(byte[]) will no longer throw an NPE. It's up to a provider to decide what to do. Currently, SunPKCS11 ignores it and all others throw an NPE. - Move spec in Instantiate#getCapability to Capability. - Internal nonce provider upgraded from a long to 16 bytes. - "DRBG:SUN" added as a fallback for "securerandom.strongAlgorithms" security property on *nix - Rename engineConfigure() to configure() in AbstractDrbg, and merge configureInternal() into it. - Provider#newInstanceUtil will throw NoSuchMethodException (instead of IAE) if a SecureRandom implementation has not provided a constructor with a params parameter and user is calling getInstance(alg,params). This is just an internal change since the exception thrown by getInstance() is always be NoSuchAlgorithmException. - More information in exceptions - Other refactoring Thanks Max