[JCLOUDS-1512] Use SecureRandom in Sha512Crypt - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.1.2
Fix Version/s: 2.2.0, 2.1.3
Component/s: jclouds-compute
Labels:
None

Description

Sha512Crypt uses java.util.Random to generate a random salt which is not secure. For reference, the Commons Codec Sha512Crypt implementation uses SecureRandom if a user-specified salt is not supplied:

https://github.com/apache/commons-codec/blob/30e5768186f73552b5f1634a76cf2c12bf26b5bb/src/main/java/org/apache/commons/codec/digest/Sha2Crypt.java#L138

https://github.com/apache/commons-codec/blob/30e5768186f73552b5f1634a76cf2c12bf26b5bb/src/main/java/org/apache/commons/codec/digest/B64.java#L81

Attachments

Issue Links

Add Link

links to

GitHub Pull Request #42

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Andrew Gaul

Reporter:: Colm O hEigeartaigh

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22/Aug/19 09:12

Updated:: 22/Aug/19 16:20

Resolved:: 22/Aug/19 16:19

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

Use SecureRandom in Sha512Crypt

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Time Tracking

Agile

Slack

Issue deployment