Background to RNG implementations


(Will Sargent) #1

https://doc.akka.io/docs/akka/current/security/2018-08-29-aes-rng.html

The exact historical reasons to include custom RNG implementations could not be reconstructed but it was likely because RNGs provided by previous versions of the JDK were deemed too slow.

Yes, this is the case, referencing




(Patrik Nordwall) #2

Thanks Will. Those RNGs shouldn’t have been included in Akka in the first place, and that was a mistake. Security must be preferred over performance. As far as I understand a custom implementation can be installed via the ordinary SecurityProvider if someone really wants that, but it shouldn’t be part of Akka.

A good article that you linked to before is https://tersesystems.com/blog/2015/12/17/the-right-way-to-use-securerandom/