Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
2.1.2
-
None
Description
Sha512Crypt uses java.util.Random to generate a random salt which is not secure. For reference, the Commons Codec Sha512Crypt implementation uses SecureRandom if a user-specified salt is not supplied:
Attachments
Issue Links
- links to