Menu

#71 Switch from using Random to SecureRandom

None
closed
nobody
None
5
2019-05-18
2017-02-08
Ryan Guest
No

Switch from using Random to SecureRandom.

Our security team's code scanner flagged an issue where we use Random in Header.java when we should be using SecureRandom.

This project already uses SecureRandom in other places in the code, UDPClient.java.

There is some additional discussion on SecureRandom vs. Random here: https://stackoverflow.com/questions/11051205/difference-between-java-util-random-and-java-security-securerandom

1 Attachments
securerandom.patch

Discussion

  • Brian Wellington

    Brian Wellington - 2017-02-08

    There is a lot of hugely complicated code in UDPClient to deal with Windows systems where getting randomness with SecureRandom triggers DNS resolutions, causing lockups if dnsjava is used to replace the system resolver. All of this logic would need to be duplicated and/or refactored to make the same change in the Header class.

     

    Last edit: Brian Wellington 2017-02-08

  • Ingo

    Ingo - 2019-05-18

    Ticket moved from /p/dnsjava/patches/35/

     

  • Ingo

    Ingo - 2019-05-18
    • status: open --> closed
    • Group: -->
     

  • Ingo

    Ingo - 2019-05-18
     
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.