Skip to main content

Introduced protections against predictable RNG abuse

pixee:java/secure-random

ImportanceReview GuidanceRequires Scanning Tool
MEDIUMMerge Without ReviewNo

This change replaces all new instances of java.util.Random with the marginally slower, but much more secure java.security.SecureRandom.

We have to work pretty hard to get computers to generate genuinely unguessable random bits. The java.util.Random type uses a method of pseudo-random number generation that unfortunately emits fairly predictable numbers.

If the numbers it emits are predictable, then it's obviously not safe to use in cryptographic operations, file name creation, token construction, password generation, and anything else that's related to security. In fact, it may affect security even if it's not directly obvious.

Switching to a more secure version is simple and our changes all look something like this:

- Random r = new Random();
+ Random r = new java.security.SecureRandom();

References