Skip to content

Commit

Permalink
KEYCLOAK-2148: Update HmacOTP to make use of SecureRandom
Browse files Browse the repository at this point in the history
  • Loading branch information
Bruno Oliveira committed Nov 26, 2015
1 parent 4a020d5 commit 0d582a1
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions model/api/src/main/java/org/keycloak/models/utils/HmacOTP.java
View file
Expand Up @@ -3,7 +3,7 @@
import javax.crypto.Mac; import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec; import javax.crypto.spec.SecretKeySpec;
import java.math.BigInteger; import java.math.BigInteger;
import java.util.Random; import java.security.SecureRandom;


/** /**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
Expand All @@ -29,7 +29,7 @@ public HmacOTP(int numberDigits, String algorithm, int delayWindow) {


public static String generateSecret(int length) { public static String generateSecret(int length) {
String chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVW1234567890"; String chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVW1234567890";
Random r = new Random(); SecureRandom r = new SecureRandom();
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
for (int i = 0; i < length; i++) { for (int i = 0; i < length; i++) {
char c = chars.charAt(r.nextInt(chars.length())); char c = chars.charAt(r.nextInt(chars.length()));
Expand Down

0 comments on commit 0d582a1

Please sign in to comment.