jdk/src/share/lib/security/java.security-linux
changeset 16915 675d1569af3e
parent 16744 b3ca7ed8e44f
child 16920 d062d91d9dec
--- a/jdk/src/share/lib/security/java.security-linux	Thu Apr 11 19:36:52 2013 -0700
+++ b/jdk/src/share/lib/security/java.security-linux	Thu Apr 11 21:03:24 2013 -0700
@@ -76,26 +76,57 @@
 security.provider.9=sun.security.smartcardio.SunPCSC
 
 #
-# Select the source of seed data for SecureRandom. By default an
-# attempt is made to use the entropy gathering device specified by
-# the securerandom.source property. If an exception occurs when
-# accessing the URL then the traditional system/thread activity
-# algorithm is used.
+# Sun Provider SecureRandom seed source.
+#
+# Select the primary source of seed data for the "SHA1PRNG" and
+# "NativePRNG" SecureRandom implementations in the "Sun" provider.
+# (Other SecureRandom implementations might also use this property.)
+#
+# On Unix-like systems (for example, Solaris/Linux/MacOS), the
+# "NativePRNG" and "SHA1PRNG" implementations obtains seed data from
+# special device files such as file:/dev/random.
 #
-# On Solaris and Linux systems, if file:/dev/urandom is specified and it
-# exists, a special SecureRandom implementation is activated by default.
-# This "NativePRNG" reads random bytes directly from /dev/urandom.
+# On Windows systems, specifying the URLs "file:/dev/random" or
+# "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding
+# mechanism for SHA1PRNG.
+#
+# By default, an attempt is made to use the entropy gathering device
+# specified by the "securerandom.source" Security property.  If an
+# exception occurs while accessing the specified URL:
+#
+#     SHA1PRNG:
+#         the traditional system/thread activity algorithm will be used.
+#
+#     NativePRNG:
+#         a default value of /dev/random will be used.  If neither
+#         are available, the implementation will be disabled.
+#         "file" is the only currently supported protocol type.
 #
-# On Windows systems, the URLs file:/dev/random and file:/dev/urandom
-# enables use of the Microsoft CryptoAPI seed functionality.
+# The entropy gathering device can also be specified with the System
+# property "java.security.egd". For example:
+#
+#   % java -Djava.security.egd=file:/dev/random MainClass
 #
-securerandom.source=file:/dev/urandom
+# Specifying this System property will override the
+# "securerandom.source" Security property.
+#
+# In addition, if "file:/dev/random" or "file:/dev/urandom" is
+# specified, the "NativePRNG" implementation will be more preferred than
+# SHA1PRNG in the Sun provider.
 #
-# The entropy gathering device is described as a URL and can also
-# be specified with the system property "java.security.egd". For example,
-#   -Djava.security.egd=file:/dev/urandom
-# Specifying this system property will override the securerandom.source
-# setting.
+securerandom.source=file:/dev/random
+
+#
+# A list of known strong SecureRandom implementations.
+#
+# To help guide applications in selecting a suitable strong
+# java.security.SecureRandom implementation, Java distributions should
+# indicate a list of known strong implementations using the property.
+#
+# This is a comma-separated list of algorithm and/or algorithm:provider
+# entries.
+#
+securerandom.strongAlgorithms=NativePRNGBlocking:SUN
 
 #
 # Class to instantiate as the javax.security.auth.login.Configuration
@@ -159,9 +190,9 @@
                com.sun.org.glassfish.gmbal.,\
                com.oracle.xmlns.internal.,\
                com.oracle.webservices.internal.,\
-	       jdk.internal.,\
-	       jdk.nashorn.internal.,\
-	       jdk.nashorn.tools.
+               jdk.internal.,\
+               jdk.nashorn.internal.,\
+               jdk.nashorn.tools.
 
 #
 # List of comma-separated packages that start with or equal this string
@@ -187,9 +218,9 @@
                    com.sun.org.glassfish.gmbal.,\
                    com.oracle.xmlns.internal.,\
                    com.oracle.webservices.internal.,\
-		   jdk.internal.,\
-		   jdk.nashorn.internal.,\
-		   jdk.nashorn.tools.
+                   jdk.internal.,\
+                   jdk.nashorn.internal.,\
+                   jdk.nashorn.tools.
 
 #
 # Determines whether this properties file can be appended to