--
You received this message because you are subscribed to the Google Groups "Cloud Foundry Developers" group.
To view this discussion on the web visit https://groups.google.com/a/cloudfoundry.org/d/msgid/vcap-dev/CAEoPEDo7zSZpcd7wkQL3PNE_28DrQZ9%2BiZhO6MAicCfrrbHUOw%40mail.gmail.com.
To unsubscribe from this group and stop receiving emails from it, send an email to vcap-dev+u...@cloudfoundry.org.
To view this discussion on the web visit https://groups.google.com/a/cloudfoundry.org/d/msgid/vcap-dev/CANw6fcEGmyOgUwWwP-1DSdaWFHG2i%3Dv8otQq9zU3aC0s_zaP6A%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/cloudfoundry.org/d/msgid/vcap-dev/CAEoPEDpxOfr7dn4fzHWQk594cUNGmwf62vs428zJcPeH5SMyyQ%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/cloudfoundry.org/d/msgid/vcap-dev/CAN-TLMCaUJo_uCkkrmY-DDqA4W3EhU24DuESB0_jqBcZT%3DfEPg%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/cloudfoundry.org/d/msgid/vcap-dev/eced0044-c1f4-490f-b2df-26a1f01aa35e%40cloudfoundry.org.
Better Support for High Entropy Random Number Generation: The SecureRandom
class provides the generation of cryptographically strong random numbers used for private or public keys, ciphers, signed messages, and so on. SomeSecureRandom
implementations are better than others. The getInstanceStrong()
method was introduced in JDK 8, which returns an instance of the strongest SecureRandom
implementation available on each platform. It should be used in cases when you need to create a high-value and long-lived secret, such as an RSA private and public key pair.
For more information, see the SecureRandom section of the JCA Reference Guide and the SecureRandom API Specification.
Other changes to SecureRandom
include:
SecureRandom
seed source properties in the java.security
file. (The obscure workaround using file:///dev/urandom
and file:/dev/./urandom
is no longer required.)see below for some discussion here of a tomcat7 / jdk8 combination with poor performance due to the entropy issue for security init stuff. i'm not sure if tomcat developers hear about this complaint very often or not,
but if there is an elegant way to use a new JDK8 feature in tomcat8 that provides a better user experience that is still considered secure,
then that may be an interesting option to consider for tomcat. thinking about it makes me cringe a bit because i realize that would be introducing an alternate code path since jdk7 is supported tomcat8 [1]
--
You received this message because you are subscribed to the Google Groups "Cloud Foundry Developers" group.
To view this discussion on the web visit https://groups.google.com/a/cloudfoundry.org/d/msgid/vcap-dev/CAB%3Dt-sUR94NUp14uEiT47F73Z4NQN3fJQcCrmC6FXXXEe0xZAA%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "Cloud Foundry Developers" group.
To view this discussion on the web visit https://groups.google.com/a/cloudfoundry.org/d/msgid/vcap-dev/219ffbba-8168-4191-a1fc-1e373d750433%40cloudfoundry.org.