Skip to content

Commit

Permalink
MimeTypeUtils uses SecureRandom
Browse files Browse the repository at this point in the history
The prevailing current wisdom is to use the default constructor for
secure and let it pick the best algorithm for the OS.

On Java 8 (Oracle), Linux this results in "NativePRNG" which uses
/dev/random (potentially blocking) for the initial seed, and
/dev/urandom (non-blocking) for subsequent calls to nextInt.

Issue: SPR-16635
  • Loading branch information
rstoyanchev committed Mar 24, 2018
1 parent ff377a3 commit e02ff3a
Showing 1 changed file with 3 additions and 2 deletions.
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2002-2017 the original author or authors.
* Copyright 2002-2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand All @@ -18,6 +18,7 @@

import java.nio.charset.Charset;
import java.nio.charset.UnsupportedCharsetException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
Expand Down Expand Up @@ -46,7 +47,7 @@ public abstract class MimeTypeUtils {
'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U',
'V', 'W', 'X', 'Y', 'Z'};

private static final Random RND = new Random();
private static final Random RND = new SecureRandom();

private static Charset US_ASCII = Charset.forName("US-ASCII");

Expand Down

0 comments on commit e02ff3a

Please sign in to comment.