If the Random number generator is "sufficiently random" could we avoid the digesting? Or should it be an option?

Since java1.6 has SecureRandom - is its current implementation good enough to avoid all the extra tricks currently being done and we can just use that as a default? [Or maybe - we should extend Random and use that as the default Random instance and move all the initialization seed/entropy/etc into that class.]

The decision to hash was one made a long time ago (before my time) and probably was done with respect to not having SecureRandom and other oddities surrounding the problem of seeding. Do those problems still exist - or do they exist on some platforms.

-Tim

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to