SecureRandom.getInstance("SHA1PRNG") is deprecated

[Zeus64]

I don't understand, i see in the code :
SecureRandom.getInstance("SHA1PRNG")

but when i read https://android-developers.googleblog.com/2016/06/security-crypto-provider-deprecated-in.html

They say SHA1PRNG algorithm is not cryptographically strong and have been deprecated !

[hbj508]

SecureRandom.getInstance("SHA1PRNG", "Crypto") is depricated and not SecureRandom.getInstance("SHA1PRNG"). so you can still use SecureRandom.getInstance("SHA1PRNG")

[SyntaxPolice]

Thanks for the feedback. For background, there was an Android entropy bug in ancient history, and Google provides a workaround that's incorporated into our library and is still availability for backward compatibility. I believe that the SHA1PRNG code gets called only on old versions of Android.

Longer term, we want to analyze whether any of the backward compatibility code is still necessary; based on whether & how many devices are still using older versions of Android. The AES library would be significantly simpler without that backward compatibility PRNG fix.