Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8042904

apple.security.KeychainStore.getSalt() calling generateSeed()

    XMLWordPrintable

    Details

      Backports

        Description

        While looking at JDK-6491602, I did a search of the codebase to look for similar occurrences. This one came up.

        (src/java.base/macosx/classes/apple/security/KeychainStore.java)

            private byte[] getSalt()
            {
                // Generate a random salt.
                byte[] salt = new byte[SALT_LEN];
                if (random == null) {
                    random = new SecureRandom();
                }
                salt = random.generateSeed(SALT_LEN);
                return salt;
            }

        I think SecureRandom.nextBytes is more appropriate here and better for performance.

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                coffeys Sean Coffey
                Reporter:
                coffeys Sean Coffey
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: