Open
Description
I think it should use a secure random algorithm, “SecureRandom”, to generate the verifycode.
An attacker will simply compute the seed from the output values observed. This takes significantly less time than 2^48 in the case of java.util.Random.
It is shown that you can predict future Random outputs observing only two(!) output values in time roughly 2^16.
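The change requested above, as an added example that is not part of the original issue or the project's code: a verification-code generator backed by `java.util.Random` beside the same generator backed by `SecureRandom`. The class name, method names and the 6-digit length are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Random;

public class VerifyCodeExample { // hypothetical class, not from the project
    private static final int CODE_LENGTH = 6; // assumed length; the issue does not state one
    // One shared instance: SecureRandom is thread-safe and seeds itself from the OS.
    private static final SecureRandom SECURE = new SecureRandom();

    // Weak form the issue warns about: every code is a function of a 48-bit internal state.
    static String weakCode(Random rng) {
        return digits(rng);
    }

    // Hardened form: same formatting, CSPRNG source.
    static String secureCode() {
        return digits(SECURE);
    }

    // nextInt(10) is uniform over 0..9, so the digits carry no modulo bias.
    private static String digits(Random rng) {
        StringBuilder sb = new StringBuilder(CODE_LENGTH);
        for (int i = 0; i < CODE_LENGTH; i++) {
            sb.append((char) ('0' + rng.nextInt(10)));
        }
        return sb.toString();
    }

    // Compare expected and submitted codes without an early exit on the first mismatch.
    static boolean matches(String expected, String submitted) {
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        long seed = 42L; // constructed sample seed
        // Two java.util.Random generators in the same state emit the same codes.
        Random a = new Random(seed);
        Random b = new Random(seed);
        System.out.println("weak, same state: " + weakCode(a).equals(weakCode(b)));
        String code = secureCode();
        System.out.println("secure code length: " + code.length());
        System.out.println("matches itself: " + matches(code, code));
    }
}
```

Because `SecureRandom` extends `Random`, the formatting helper is shared and only the source of randomness changes.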