Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: master
    • Fix Version/s: None
    • Component/s: mailbox, Queue
    • Labels:

      Description

      java.util.Random is a Linear Congruential Generator and Math.random is based on it. That means that both functions produce predictable values.

      An attacker could leverage this property against James to eventually "obtain/use" an already "in-use" pseudo-randomly generated number to overwrite things like files, emails, mailboxes, etc. Such scenarios are rather unlikely but still in theory much more feasible than if a true robust and cryptographically strong RNG was used. java.security.SecureRandom has these properties.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              thithib Thibaut SAUTEREAU
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: