On 27/11/2010 20:37, Phil Steitz wrote:
>> Author: markt
>> Date: Sat Nov 27 11:41:10 2010
>> New Revision: 1039657

> I think you need to drop the line
> 
> result.setSeed(seed);
> 
> following this; otherwise you are seeding result with (unadulterated)
> currentTimeMillis.

For a SecureRandom that should not cause a problem but it is of little
to no value. There is no need to remove it as it is not reducing
entropy but it may as well be removed as it is unlikely to be adding
that much entropy either.

> If you want to take the initialization hit in this
> method, you can call nextBytes; otherwise you may as well just return new
> SecureRandom() (in which case, the self-seeding and initialization hit will
> take place the first time the generator is used).

The initialisation hit is taken when the Manager starts, triggered by the
call to generateSessionId() in startInternal().

Mark
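
An added example (not part of this message and not Tomcat code) showing how the order of setSeed() and the first nextBytes() matters for the SUN provider's SHA1PRNG, which is requested by name here so the behaviour does not depend on which algorithm new SecureRandom() selects on a given platform. The class name, method names and SEED value are constructed for illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

public class SetSeedOrdering {
    // Constructed stand-in for a System.currentTimeMillis() value.
    static final long SEED = 1290890470000L;

    // setSeed() BEFORE the first nextBytes(): SHA1PRNG skips its own
    // self-seeding, so the caller's seed is the only input to the state.
    static byte[] seedFirst() throws NoSuchAlgorithmException {
        SecureRandom r = SecureRandom.getInstance("SHA1PRNG");
        r.setSeed(SEED);
        byte[] out = new byte[16];
        r.nextBytes(out);
        return out;
    }

    // nextBytes() first forces self-seeding (the initialization hit);
    // a later setSeed() supplements the existing state, it does not replace it.
    static byte[] initFirst() throws NoSuchAlgorithmException {
        SecureRandom r = SecureRandom.getInstance("SHA1PRNG");
        r.nextBytes(new byte[1]);
        r.setSeed(SEED);
        byte[] out = new byte[16];
        r.nextBytes(out);
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Two independent generators per case, same SEED each time.
        boolean seedFirstRepeats = Arrays.equals(seedFirst(), seedFirst());
        boolean initFirstRepeats = Arrays.equals(initFirst(), initFirst());
        System.out.println("seed-first output repeats: " + seedFirstRepeats);
        System.out.println("init-first output repeats: " + initFirstRepeats);
    }
}
```

Calling nextBytes() once before any setSeed(), as suggested in the quoted text, makes the generator self-seeded regardless of provider.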
