[kaffe] patch w/ security implications for SecureRandom
stack at cs.utah.edu
Mon Oct 27 11:31:02 PST 2003
> I've been running into some messy stuff with the kaffe SecureRandom and
> finally looked into what was up - there was a missing shift in the next(int
> numbits) function. Demo program & trivial patch below.
Oops, my bad, I'll check it in in a sec.
> I know kaffe's
> SecureRandom isn't really a strong PRNG (is anyone working on a Yarrow
> for kaffe?), but any app using it at the moment is, well, in need of
> the patch below :)
The existing SHA1PRNG isn't so bad, but it doesn't have a good initial
source of randomness. I have some code that will pull from /dev/random, I
just need to check it in.
More information about the kaffe