ssh: use a single SecureRandom instance for hashing hostnames

According to Spotbugs, that's better practice. It's questionable
whether it makes a big difference, though, especially since the
hash is the cryptographically weak SHA1.

Change-Id: Id293de2bad809d9cc19230bd720184786dc6c226
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>

org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java

@@ -34,6 +34,7 @@
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
+import java.util.Random;
 import java.util.TreeSet;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.function.Supplier;
@@ -138,6 +139,8 @@ public class OpenSshServerKeyDatabase
 
 	private final List<HostKeyFile> defaultFiles = new ArrayList<>();
 
+	private Random prng;
+
 	/**
 	 * Creates a new {@link OpenSshServerKeyDatabase}.
 	 *
@@ -680,7 +683,9 @@ private String createHostKeyLine(Collection<SshdSocketAddress> patterns,
 			// or to Apache MINA sshd.
 			NamedFactory<Mac> digester = KnownHostDigest.SHA1;
 			Mac mac = digester.create();
-			SecureRandom prng = new SecureRandom();
+			if (prng == null) {
+				prng = new SecureRandom();
+			}
 			byte[] salt = new byte[mac.getDefaultBlockSize()];
 			for (SshdSocketAddress address : patterns) {
 				if (result.length() > 0) {