You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "chaijunjie (Jira)" <ji...@apache.org> on 2024/01/24 07:28:00 UTC

[jira] [Created] (CRYPTO-181) CryptoRandom should use a security random

chaijunjie created CRYPTO-181:
---------------------------------

             Summary: CryptoRandom should use a security random
                 Key: CRYPTO-181
                 URL: https://issues.apache.org/jira/browse/CRYPTO-181
             Project: Commons Crypto
          Issue Type: Improvement
    Affects Versions: 1.0.0
            Reporter: chaijunjie


when i do security check... i find the random used in 
JavaCryptoRandom not strong..it just use SHA1PRNG
[https://github.com/apache/commons-crypto/blob/master/src/main/java/org/apache/commons/crypto/random/JavaCryptoRandom.java]

maybe we can use DRBG instead of SHA1PRNG?

or any other solution?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)