Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

The staticRandom field in the BigInteger class

user3250413Feb 4 2018 — edited Feb 6 2018

Hi all,

In the OpenJDK source code of the BigInteger class, there is a static variable named staticRandom which stores a SecureRandom object:

private static volatile Random staticRandom;

private static Random getSecureRandom() {

if (staticRandom == null) {

staticRandom = new java.security.SecureRandom();

}

return staticRandom;

}

We got troubles if the provider associated with this SecureRandom instance is removed (Security.removeProvider), since this static variable is not refreshed.

Is that a Java bug ?

Processing

Locked Post

New comments cannot be posted to this locked post.

Locked on Mar 6 2018

Added on Feb 4 2018

#other-security-apis-tools-and-issues

3 comments

196 views

Java Security

The staticRandom field in the BigInteger class

Comments

Post Details