On Fri, Jul 19, 2013 at 5:10 PM, Guy Steele <[email protected]> wrote:
> On Jul 19, 2013, at 1:05 AM, Kasper Nielsen <[email protected]> wrote:
>
> Thanks so much for your feedback! Your points are well taken.
>
> I agree that this is a problem, and in fact have already looked at ways to
> get other environmental information to mix into the initial seed. The problem
> is making it Write Once, Run Anywhere---what environmental information
> other than time-of-day is reliably available on all platforms?

Adding a high quality PRNG that does not have a quality initial default seed makes no sense. It is highly unlikely that even power users will be able to come up with a better seed than whatever we figure out.

Using a shared static SecureRandom.generateSeed() to generate the seed is probably the easiest way to get a good seed that is portable. Or maybe http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/tip/src/share/classes/sun/security/provider/SeedGenerator.java can be used in some way.

See also this JEP http://openjdk.java.net/jeps/123

- Kasper
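Added example, not part of the original message or of any JDK source: a sketch of the default-seed approach suggested above, where one shared static `SecureRandom` supplies a base seed once per JVM and each new generator gets a distinct seed derived from it. The class name `DefaultSeeds`, its methods, the increment-and-mix step, and the use of `java.util.SplittableRandom` as the seeded generator are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.SplittableRandom;
import java.util.concurrent.atomic.AtomicLong;

// Hypothetical helper class; names are illustrative only.
public final class DefaultSeeds {
    // One shared instance per JVM. generateSeed() can block on platforms whose
    // seed source waits for entropy, so it is called once, at class init.
    private static final SecureRandom SHARED = new SecureRandom();

    // Base seed: 8 bytes from the platform seed source, packed into a long.
    private static final AtomicLong NEXT_SEED =
            new AtomicLong(ByteBuffer.wrap(SHARED.generateSeed(8)).getLong());

    // Odd increment (2^64 / golden ratio): successive counter values never
    // repeat within 2^64 calls.
    private static final long GAMMA = 0x9e3779b97f4a7c15L;

    // The weak default being discussed: two generators created within the
    // same clock tick receive the same seed and the same output stream.
    static long timeOnlySeed() {
        return System.currentTimeMillis();
    }

    // Portable alternative: advance the entropy-derived counter and scramble
    // it. mix64 is a bijection, so distinct counters give distinct seeds.
    static long nextDefaultSeed() {
        return mix64(NEXT_SEED.getAndAdd(GAMMA));
    }

    // MurmurHash3 64-bit finalizer, used here only as a bit mixer.
    static long mix64(long z) {
        z = (z ^ (z >>> 33)) * 0xff51afd7ed558ccdL;
        z = (z ^ (z >>> 33)) * 0xc4ceb9fe1a85ec53L;
        return z ^ (z >>> 33);
    }

    public static void main(String[] args) {
        long t1 = timeOnlySeed(), t2 = timeOnlySeed();
        System.out.println("time-only seeds identical:   " + (t1 == t2));

        long s1 = nextDefaultSeed(), s2 = nextDefaultSeed();
        System.out.println("entropy-based seeds identical: " + (s1 == s2));

        // Generators seeded this way start from unrelated states.
        SplittableRandom a = new SplittableRandom(s1);
        SplittableRandom b = new SplittableRandom(s2);
        System.out.println(a.nextLong() + " vs " + b.nextLong());
    }
}
```

A seed obtained this way only makes the starting state hard to predict from the clock; it does not turn a statistical generator into a substitute for `SecureRandom` where outputs must be unguessable.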
