If the Random number generator is "sufficiently random" could we avoid
the digesting? Or should it be an option?
Since java1.6 has SecureRandom - is its current implementation good
enough to avoid all the extra tricks currently being done and we can
just use that as a default? [Or maybe - we should extend Random and use
that as the default Random instance and move all the initialization
seed/entropy/etc into that class.]
The decision to hash was one made a long time ago (before my time) and
probably was done with respect to not having SecureRandom and other
oddities surrounding the problem of seeding. Do those problems still
exist - or do they exist on some platforms.
-Tim
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org