Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Instances of java.util.Random are not cryptographically secure #1

Closed
dhcgn opened this issue Jan 29, 2021 · 2 comments
Closed

Instances of java.util.Random are not cryptographically secure #1

dhcgn opened this issue Jan 29, 2021 · 2 comments

Comments

@dhcgn
Copy link

dhcgn commented Jan 29, 2021

Instances of java.util.Random are not cryptographically secure. Consider instead using SecureRandom to get a cryptographically secure pseudo-random number generator for use by security-sensitive applications.

ref-idp-server/idp-crypto/src/main/java/de/gematik/idp/crypto/Nonce.java

Line 20 in 694ebd6

import java.util.Random;

@Arkinator
Copy link

Thanks for the headsup.
Currently none of the random sources in the server are hardened. This is deliberate and will be addressed in a later release.

@RStaeber RStaeber closed this as completed Dec 5, 2022
@RStaeber
Copy link
Member

RStaeber commented Dec 5, 2022

java.util.Random is no longer part of the project.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dhcgn @Arkinator @RStaeber