You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@jclouds.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2019/08/22 16:15:00 UTC

[jira] [Commented] (JCLOUDS-1512) Use SecureRandom in Sha512Crypt

    [ https://issues.apache.org/jira/browse/JCLOUDS-1512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16913451#comment-16913451 ] 

ASF subversion and git services commented on JCLOUDS-1512:
----------------------------------------------------------

Commit 7b1efdc30746e68333198c332bbca3f336f68098 in jclouds's branch refs/heads/master from Colm O hEigeartaigh
[ https://gitbox.apache.org/repos/asf?p=jclouds.git;h=7b1efdc ]

JCLOUDS-1512 - Use SecureRandom in Sha512Crypt


> Use SecureRandom in Sha512Crypt
> -------------------------------
>
>                 Key: JCLOUDS-1512
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1512
>             Project: jclouds
>          Issue Type: Improvement
>            Reporter: Colm O hEigeartaigh
>            Priority: Major
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Sha512Crypt uses java.util.Random to generate a random salt which is not secure. For reference, the Commons Codec Sha512Crypt implementation uses SecureRandom if a user-specified salt is not supplied:
> [https://github.com/apache/commons-codec/blob/30e5768186f73552b5f1634a76cf2c12bf26b5bb/src/main/java/org/apache/commons/codec/digest/Sha2Crypt.java#L138]
> [https://github.com/apache/commons-codec/blob/30e5768186f73552b5f1634a76cf2c12bf26b5bb/src/main/java/org/apache/commons/codec/digest/B64.java#L81]
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.2#803003)