This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 218784 - Investigate use of SecureRandom instead of randomUUID
Summary: Investigate use of SecureRandom instead of randomUUID
Status: RESOLVED FIXED
Alias: None
Product: platform
Classification: Unclassified
Component: Keyring (show other bugs)
Version: 7.2
Hardware: All All
: P2 normal (vote)
Assignee: Libor Fischmeistr
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-09-21 14:32 UTC by Antonin Nebuzelsky
Modified: 2012-11-09 02:53 UTC (History)
0 users

See Also:
Issue Type: TASK
Exception Reporter:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Antonin Nebuzelsky 2012-09-21 14:32:34 UTC 
Java's PBEWithSHA1AndDESede algorithm (SHA-1 / 3-DES) is used to encrypt passwords. It creates a random salt for the user using UUID.randomUUID().

We should investigate use of SecureRandom for the random salt.
Comment 1 Libor Fischmeistr 2012-11-08 14:53:28 UTC 
Switched to SecureRandom.

Fixed in changeset: http://hg.netbeans.org/core-main/rev/482c6e99c9a1
Comment 2 Quality Engineering 2012-11-09 02:53:25 UTC 
Integrated into 'main-golden', will be available in build *201211090001* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress)
Changeset: http://hg.netbeans.org/main-golden/rev/482c6e99c9a1
User: Libor Fischmeistr <lfischmeistr@netbeans.org>
Log: #218784: Investigate use of SecureRandom instead of randomUUID