[squeak-dev]
DigitalSignatureAlgorithm>>#initRandomNonInteractively is not random
Chris Muller
asqueaker at gmail.com
Sun Aug 22 21:35:25 UTC 2010
Good, SecureRandom employs its #generateKey method (on the class side)
to initialize its 'picker' (class-instance var). This was intended to
serve as a globally usable SecureRandom so that clients like
DigitalSignatureAlgorithm would not have to define their own.
On Sat, Aug 21, 2010 at 5:30 AM, Rob Withers <reefedjib at gmail.com> wrote:
> I found a problem with
> DigitalSignatureAlgorithm>>#initRandomNonInteractively. It is grabbing
> randomBits from the SoundSystem, but I may not have that installed. It gave
> me the same bits repeatedly. I modified
> DigitalSignatureAlgorithm>>#initRandomNonInteractively to not rely on the
> SoundSystem and instead use SecureRandom. This is published in the
> Cryptography repository.
>
> Rob
>
>
More information about the Squeak-dev
mailing list
|