Uploaded image for project: 'jclouds'
  1. jclouds
  2. JCLOUDS-1512

Use SecureRandom in Sha512Crypt

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.1.2
    • 2.2.0, 2.1.3
    • jclouds-compute
    • None

    Description

      Sha512Crypt uses java.util.Random to generate a random salt which is not secure. For reference, the Commons Codec Sha512Crypt implementation uses SecureRandom if a user-specified salt is not supplied:

      https://github.com/apache/commons-codec/blob/30e5768186f73552b5f1634a76cf2c12bf26b5bb/src/main/java/org/apache/commons/codec/digest/Sha2Crypt.java#L138

      https://github.com/apache/commons-codec/blob/30e5768186f73552b5f1634a76cf2c12bf26b5bb/src/main/java/org/apache/commons/codec/digest/B64.java#L81

       

       

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #42

          Activity

            People

              gaul Andrew Gaul
              coheigea Colm O hEigeartaigh
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 0.5h
                  0.5h