[jetty-dev] Question about SecureRandom reseeding.

Hi Guys,

Thanks everyone for all your hard work on the Jetty project, it really truly is awesome. I'm looking forward to seeing the potential performance improvements in 9.1 in production. With regards to:

http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/jetty-server/src/main/java/org/eclipse/jetty/server/session/AbstractSessionIdManager.java

I notice that when generating session tokens, it seems like having _reseed = 100000L would make the chance to reseed extremely low. I wonder where this number came from? i.e. was it selected to be arbitrarily high so that people can reduce it if need be, or is there some mathematical/cryptographical reason that this value was selected? Is this value deemed appropriate for all general-purpose applications? Would you adjust it for applications with significant need for security, i.e. banking, etc.?

Best regards,
Jacob
