[CODEC-310] Documentation update for the org.apache.commons.codec.digest.* package - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.16
Fix Version/s: 1.16.1
Labels:
None

Description

The Javadocs for classes in the org.apache.commons.codec.digest.* package reference the use of ThreadLocalRandom for salt generation (specifically Crypt, Md5Crypt and Sha2Crypt classes). However, looking at the source code, the salt generation is happening the in the B64.java class which uses SecureRandom - on line 79:

https://github.com/apache/commons-codec/blob/master/src/main/java/org/apache/commons/codec/digest/B64.java#L79

Additionally, the documentation doesn't list any of these under digest classes:

https://commons.apache.org/proper/commons-codec/userguide.html

I am providing a PR that does the following:

Documents that SecureRandom is used by changing Javadocs in these classes
Changes salt generation in UnixCrypt to use SecureRandom to match the other classes
Update the userguide to list all functions from the digest package
Changes the hyperlinks in the user guide from HTTP to HTTPS

Attachments

Issue Links

links to

GitHub Pull Request #208

Activity

People

Assignee:: Unassigned

Reporter:: Yakov Shafranovich

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 28/Sep/23 19:53

Updated:: 28/Sep/23 21:56

Resolved:: 28/Sep/23 21:54