Output from request:
Bug Id: 4189235
** Bug created!
--------------------------- Original Message ---------------------------
>From java-security@java Wed Nov 11 15:34:42 1998
Return-Path: <java-security@java>
Received: from Ebay.Sun.COM by ssattachments.EBay.Sun.COM (SMI-8.6/SMI-SVR4)
id PAA21072; Wed, 11 Nov 1998 15:34:42 -0800
From: java-security@java
Received: from ssbugtraq.EBay.Sun.COM by Ebay.Sun.COM (SMI-8.6/SMI-5.3)
id PAA01256; Wed, 11 Nov 1998 15:34:41 -0800
Received: from Ebay.Sun.COM by ssbugtraq.EBay.Sun.COM (SMI-8.6/SMI-SVR4)
id PAA16087; Wed, 11 Nov 1998 15:34:42 -0800
Received: from Eng.Sun.COM by Ebay.Sun.COM (SMI-8.6/SMI-5.3)
id PAA09270; Wed, 11 Nov 1998 15:34:40 -0800
Received: from shorter.eng.sun.com (shorter.Eng.Sun.COM [129.144.124.35])
by Eng.Sun.COM (SMI-8.6/SMI-5.3) with SMTP id PAA29955
for <bugsbymail@ssbugtraq.ebay>; Wed, 11 Nov 1998 15:34:42 -0800
Received: from crypto.Eng.Sun.COM by shorter.eng.sun.com (SMI-8.6/SMI-SVR4)
id PAA28956; Wed, 11 Nov 1998 15:34:39 -0800
Date: Wed, 11 Nov 1998 15:34:39 -0800
Message-Id: <199811112334.PAA28956@shorter.eng.sun.com>
To: bugsbymail@ssbugtraq.EBay.Sun.COM
Subject: create_bug
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: postEmail @(#) PostEmail.java 1.10 98/09/05 11:26:23
content-length: 1559
User: rs26595
Category: java
Subcategory: classes_security
Bug/rfe/eou: rfe
Synopsis: Fatal handicap java.security.SecureRandom
Keywords: webbug
Keywords: 1.2only
Severity Impact: 2
Severity Functionality: 2
Priority: 4
Description:
I would like to emphasize the need for a method
to seed a SecureRandom to a specific
"seed value/algorithm/provider" combo.
The existing "setSeed" method supplements but
does not "reset" the seed...
...and where a seed value can be passed to the
constructor, there is no way to garrantee which
provider/algo gets instantiated if you don't
have control over the platform.
(Which in network communications you don't.)
I would'nt expect many of your beta-testers to
recognize this shortcoming but it is a
regretable limitation that can be rectified
simply by providing the neccessary constructor.
Otherwise, for us, its kind of a show stopper.
BSAFE, Security Builder, everyone supports
this in the cryyptographic context for their
hashing operations. It's important.
What were you guys thinking? ;)
Otherwise looks like a great job,...so far.
If you wish I can expand on the circumstances
where this operation is important.
robert.walker@moh.hnet.bc.ca
Cheers,
Robert Walker
250-952-2520
(Review ID: 41068)
Comments:
(company - HealthNet/BC , email - robert.walker@moh.hnet.bc.ca)
customer_rec: new
Company: other
Employee: robert walker robert.walker@moh.hnet.bc.ca (other)
Release: 1.2beta4
Hardware version: generic
O/S version: generic
User Role: D
User Type: E
Sun Contact: schemers
end_customer_rec: