external-software/github_OpenIdentityPlatform_OpenDJ.git

external-software / github_OpenIdentityPlatform_OpenDJ

mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

parent: be0d3e36 | patch | commit | ignore whitespace

OPENDJ-2557 - use a secure PRNG when generating password content

Matthew Swift

17.16.2015 a915010eecffccd5a4169996ed42331a2d94769c

OPENDJ-2557 - use a secure PRNG when generating password content

Use SecureRandom() when generating password content in order to make
generated passwords less predictable. On *nix systems this
implementation will consume data from /dev/urandom which is slower than
using a PRNG and may also block if there is insufficient entropy.
However, password generation is a relatively rare event, so the
potential performance implications can be ignored.

1 files modified

opendj-server-legacy/src/main/java/org/opends/server/types/NamedCharacterSet.java

4 ●●●●● patch | view | raw | blame | history

 opendj-server-legacy/src/main/java/org/opends/server/types/NamedCharacterSet.java

@@ -29,7 +29,7 @@
import org.forgerock.i18n.LocalizableMessage;



import java.security.SecureRandom;
import java.util.Random;
import java.util.SortedSet;

@@ -76,7 +76,7 @@
  public NamedCharacterSet(String name, char[] characters)
         throws ConfigException
  {
    this(name, characters, new Random());
    this(name, characters, new SecureRandom());
  }

			@@ -29,7 +29,7 @@
			import org.forgerock.i18n.LocalizableMessage;



			import java.security.SecureRandom;
			import java.util.Random;
			import java.util.SortedSet;

			@@ -76,7 +76,7 @@
			public NamedCharacterSet(String name, char[] characters)
			throws ConfigException
			{
			this(name, characters, new Random());
			this(name, characters, new SecureRandom());
			}