Posted to commits@wicket.apache.org by pa...@apache.org on 2020/01/22 20:52:11 UTC
[wicket] branch master updated: WICKET-6730: replaced
SecureRandom.getStrongInstance() by SHA1PRNG due to performance
This is an automated email from the ASF dual-hosted git repository.
papegaaij pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/wicket.git
The following commit(s) were added to refs/heads/master by this push:
new ac966ee WICKET-6730: replaced SecureRandom.getStrongInstance() by SHA1PRNG due to performance
ac966ee is described below
commit ac966ee03438a9f144c281e101b51b88b9101a24
Author: Emond Papegaaij <em...@topicus.nl>
AuthorDate: Wed Jan 22 21:51:25 2020 +0100
WICKET-6730: replaced SecureRandom.getStrongInstance() by SHA1PRNG due to performance
---
.../apache/wicket/core/random/DefaultSecureRandomSupplier.java | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/wicket-core/src/main/java/org/apache/wicket/core/random/DefaultSecureRandomSupplier.java b/wicket-core/src/main/java/org/apache/wicket/core/random/DefaultSecureRandomSupplier.java
index cb00235..b8168b3 100644
--- a/wicket-core/src/main/java/org/apache/wicket/core/random/DefaultSecureRandomSupplier.java
+++ b/wicket-core/src/main/java/org/apache/wicket/core/random/DefaultSecureRandomSupplier.java
@@ -22,7 +22,11 @@ import java.security.SecureRandom;
import org.apache.wicket.WicketRuntimeException;
/**
- * A very simple {@link ISecureRandomSupplier} that holds a strong {@code SecureRandom}.
+ * A very simple {@link ISecureRandomSupplier} that holds a {@code SecureRandom} using
+ * {@code SHA1PRNG}. This {@code SecureRandom} is strong enough for generation of nonces with a
+ * short lifespan, but might not be strong enough for generating long-lived keys. When your
+ * application has stronger requirements on the random implementation, you should replace this class
+ * by your own implementation.
*
* @author papegaaij
*/
@@ -34,7 +38,7 @@ public class DefaultSecureRandomSupplier implements ISecureRandomSupplier
{
try
{
- random = SecureRandom.getInstanceStrong();
+ random = SecureRandom.getInstance("SHA1PRNG");
}
catch (NoSuchAlgorithmException e)
{
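Review bot: Hard-coding `SecureRandom.getInstance("SHA1PRNG")` pins the supplier to one provider-specific algorithm name, so on a JRE whose providers do not ship it the lookup fails and lands in the catch block, whose body lies outside this hunk. `random = new SecureRandom();` would pick the platform's default generator, which normally does not block in nextBytes() the way the strong instance can. It also cannot throw NoSuchAlgorithmException, so the try/catch around the assignment would have to be removed with it. If SHA1PRNG is kept, I would add a comment such as `// SHA1PRNG self-seeds on the first nextBytes(); never call setSeed() on this instance before that`, because on the standard provider an explicit seed supplied first replaces the entropy-based one. The enclosing method or constructor starts before the hunk, so how `random` is handed out afterwards is not visible here.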