Chuck,

On 4/9/12 1:23 PM, Caldarale, Charles R wrote:
>> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>> Subject: Re: Tomcat 6 org.apache.catalina.session.ManagerBase issue
>
>> Line 567: long update = ((byte) entropy[i]) << ((i % 8) * 8);
>
>> 2. 'i' is reduced by the modulus operator to 0..7
>
> And then multiplied by 8.
>
>> 3. Thus, the value of entropy[i] is never left-shifted more than 7 bits
>
> No, it's left shifted between 0 and 56 bits (maintaining byte
> alignment). Information is lost.

Rrr. Duh. In fact, the upper 3 bytes of the entropy are lost, which is quite a bit. This definitely should be cast to long at some point before the << occurs.

Andros, please log a bug report in Bugzilla: https://issues.apache.org/bugzilla/

-chris
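
The shift behaviour discussed in this thread, as an added example that is not part of the original messages or of Tomcat's source: it runs the quoted expression next to a variant widened to long before the shift. The class name, method names, the surrounding XOR loop, the 0xFF mask and the sample string are assumptions made for illustration.

```java
// Added example, not Tomcat source. The loop shape (XOR-ing each entropy
// character into a long seed) is assumed around the line quoted in the thread.
public class EntropyShiftDemo {

    // The expression quoted in the thread. The byte is promoted to int, so
    // this is a 32-bit shift and Java uses only the low 5 bits of the shift
    // distance (JLS 15.19): distances 32, 40, 48, 56 act as 0, 8, 16, 24.
    static long mixAsQuoted(long seed, char[] entropy) {
        for (int i = 0; i < entropy.length; i++) {
            long update = ((byte) entropy[i]) << ((i % 8) * 8);
            seed ^= update;
        }
        return seed;
    }

    // Widened to long before the shift, as the reply suggests. The 0xFFL mask
    // is an extra choice made here so that a negative byte is not
    // sign-extended into the higher bytes of the update.
    static long mixWidened(long seed, char[] entropy) {
        for (int i = 0; i < entropy.length; i++) {
            long update = (entropy[i] & 0xFFL) << ((i % 8) * 8);
            seed ^= update;
        }
        return seed;
    }

    public static void main(String[] args) {
        // Constructed sample input: eight ASCII characters, one per byte lane.
        char[] entropy = "ABCDEFGH".toCharArray();

        System.out.printf("as quoted : %016x%n", mixAsQuoted(0L, entropy));
        System.out.printf("widened   : %016x%n", mixWidened(0L, entropy));

        // Per-position view: where character i lands in the 64-bit seed.
        for (int i = 0; i < entropy.length; i++) {
            long q = ((byte) entropy[i]) << ((i % 8) * 8);
            long w = (entropy[i] & 0xFFL) << ((i % 8) * 8);
            System.out.printf("i=%d  quoted=%016x  widened=%016x%n", i, q, w);
        }
    }
}
```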