--- a/jdk/src/share/lib/security/java.security-linux Thu Apr 11 19:36:52 2013 -0700
+++ b/jdk/src/share/lib/security/java.security-linux Thu Apr 11 21:03:24 2013 -0700
@@ -76,26 +76,57 @@
security.provider.9=sun.security.smartcardio.SunPCSC
#
-# Select the source of seed data for SecureRandom. By default an
-# attempt is made to use the entropy gathering device specified by
-# the securerandom.source property. If an exception occurs when
-# accessing the URL then the traditional system/thread activity
-# algorithm is used.
+# Sun Provider SecureRandom seed source.
+#
+# Select the primary source of seed data for the "SHA1PRNG" and
+# "NativePRNG" SecureRandom implementations in the "Sun" provider.
+# (Other SecureRandom implementations might also use this property.)
+#
+# On Unix-like systems (for example, Solaris/Linux/MacOS), the
+# "NativePRNG" and "SHA1PRNG" implementations obtains seed data from
+# special device files such as file:/dev/random.
#
-# On Solaris and Linux systems, if file:/dev/urandom is specified and it
-# exists, a special SecureRandom implementation is activated by default.
-# This "NativePRNG" reads random bytes directly from /dev/urandom.
+# On Windows systems, specifying the URLs "file:/dev/random" or
+# "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding
+# mechanism for SHA1PRNG.
+#
+# By default, an attempt is made to use the entropy gathering device
+# specified by the "securerandom.source" Security property. If an
+# exception occurs while accessing the specified URL:
+#
+# SHA1PRNG:
+# the traditional system/thread activity algorithm will be used.
+#
+# NativePRNG:
+# a default value of /dev/random will be used. If neither
+# are available, the implementation will be disabled.
+# "file" is the only currently supported protocol type.
#
-# On Windows systems, the URLs file:/dev/random and file:/dev/urandom
-# enables use of the Microsoft CryptoAPI seed functionality.
+# The entropy gathering device can also be specified with the System
+# property "java.security.egd". For example:
+#
+# % java -Djava.security.egd=file:/dev/random MainClass
#
-securerandom.source=file:/dev/urandom
+# Specifying this System property will override the
+# "securerandom.source" Security property.
+#
+# In addition, if "file:/dev/random" or "file:/dev/urandom" is
+# specified, the "NativePRNG" implementation will be more preferred than
+# SHA1PRNG in the Sun provider.
#
-# The entropy gathering device is described as a URL and can also
-# be specified with the system property "java.security.egd". For example,
-# -Djava.security.egd=file:/dev/urandom
-# Specifying this system property will override the securerandom.source
-# setting.
+securerandom.source=file:/dev/random
+
+#
+# A list of known strong SecureRandom implementations.
+#
+# To help guide applications in selecting a suitable strong
+# java.security.SecureRandom implementation, Java distributions should
+# indicate a list of known strong implementations using the property.
+#
+# This is a comma-separated list of algorithm and/or algorithm:provider
+# entries.
+#
+securerandom.strongAlgorithms=NativePRNGBlocking:SUN
#
# Class to instantiate as the javax.security.auth.login.Configuration
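Review bot: The comment block above `securerandom.source=file:/dev/random` does not warn that reads from /dev/random can block while the kernel entropy pool is low. Seeding that goes through this source may therefore stall on headless or freshly booted virtual hosts, which the previous file:/dev/urandom default presumably avoided. I would add a caveat next to the property, for example `# Note: file:/dev/random may block until the kernel has gathered enough entropy;` followed by `# use the "java.security.egd" System property to select another device if startup latency matters.` The `securerandom.strongAlgorithms` text could likewise say that NativePRNGBlocking, judging by its name, trades availability for seed quality. In the NativePRNG paragraph, "If neither are available" has no clear referent because only /dev/random is named there, so the sentence should name both devices it means.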
@@ -159,9 +190,9 @@
com.sun.org.glassfish.gmbal.,\
com.oracle.xmlns.internal.,\
com.oracle.webservices.internal.,\
- jdk.internal.,\
- jdk.nashorn.internal.,\
- jdk.nashorn.tools.
+ jdk.internal.,\
+ jdk.nashorn.internal.,\
+ jdk.nashorn.tools.
#
# List of comma-separated packages that start with or equal this string
@@ -187,9 +218,9 @@
com.sun.org.glassfish.gmbal.,\
com.oracle.xmlns.internal.,\
com.oracle.webservices.internal.,\
- jdk.internal.,\
- jdk.nashorn.internal.,\
- jdk.nashorn.tools.
+ jdk.internal.,\
+ jdk.nashorn.internal.,\
+ jdk.nashorn.tools.
#
# Determines whether this properties file can be appended to