I understood what you said. And thank you for forwarding this mail to security-dev. If it is decided to fix this issue and this issue is not as much work as I thought. If you give me the opportunity to change the code via PR, it will be a great honor for a lifetime as a Java developer.
Thanks :) 2023년 4월 29일 (토) 오전 2:04, Sean Mullan <sean.mul...@oracle.com>님이 작성: > [This should be discussed on the security alias so I am copying > security-dev and -bcc-ing core-libs-dev] > > As Bernd noted, use of SHA1PRNG should ideally be replaced with a > stronger secure random algorithm, so the impact of this issue is > probably not that significant. That said, I think this is still worthy > of fixing. > > On 4/28/23 7:40 AM, Bernd wrote: > > There are two solutions I think. > > > > 1. Create a constructor for SecureRandom. > > #1 seems easy enough. We can add a SecureRandom(SecureRandomParameters) > to sun.security.provider.SecureRandom. (The ctor can ignore the > parameter and just call SecureRandom()). > > I can file an issue on your behalf. > > > 2. Compare using getConstructors instead of getConstrctor. > > --Sean >