[This should be discussed on the security alias so I am copying
security-dev and -bcc-ing core-libs-dev]
As Bernd noted, use of SHA1PRNG should ideally be replaced with a
stronger secure random algorithm, so the impact of this issue is
probably not that significant. That said, I think this is still worthy
of fixing.
On 4/28/23 7:40 AM, Bernd wrote:
There are two solutions I think.
1. Create a constructor for SecureRandom.
#1 seems easy enough. We can add a SecureRandom(SecureRandomParameters)
to sun.security.provider.SecureRandom. (The ctor can ignore the
parameter and just call SecureRandom()).
I can file an issue on your behalf.
2. Compare using getConstructors instead of getConstrctor.
--Sean
