You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@jclouds.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2019/08/22 09:13:00 UTC
[jira] [Created] (JCLOUDS-1512) Use SecureRandom in Sha512Crypt
Colm O hEigeartaigh created JCLOUDS-1512:
--------------------------------------------
Summary: Use SecureRandom in Sha512Crypt
Key: JCLOUDS-1512
URL: https://issues.apache.org/jira/browse/JCLOUDS-1512
Project: jclouds
Issue Type: Improvement
Reporter: Colm O hEigeartaigh
Sha512Crypt uses java.util.Random to generate a random salt which is not secure. For reference, the Commons Codec Sha512Crypt implementation uses SecureRandom if a user-specified salt is not supplied:
[https://github.com/apache/commons-codec/blob/30e5768186f73552b5f1634a76cf2c12bf26b5bb/src/main/java/org/apache/commons/codec/digest/Sha2Crypt.java#L138]
[https://github.com/apache/commons-codec/blob/30e5768186f73552b5f1634a76cf2c12bf26b5bb/src/main/java/org/apache/commons/codec/digest/B64.java#L81]
--
This message was sent by Atlassian Jira
(v8.3.2#803003)