JDK-8042904 : apple.security.KeychainStore.getSalt() calling generateSeed()
- Type: Bug
- Component: security-libs
- Sub-Component: java.security
- Affected Version: 8,11,13
- Priority: P4
- Status: Resolved
- Resolution: Fixed
- Submitted: 2014-05-11
- Updated: 2020-01-20
- Resolved: 2019-05-28
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 13 | JDK 14 |
|---|---|
13 b23Fixed  |
14Fixed |
Related Reports
|
Relates :
|
Description
While looking at JDK-6491602, I did a search of the codebase to look for similar occurrences. This one came up.
(src/java.base/macosx/classes/apple/security/KeychainStore.java)
private byte[] getSalt()
{
// Generate a random salt.
byte[] salt = new byte[SALT_LEN];
if (random == null) {
random = new SecureRandom();
}
salt = random.generateSeed(SALT_LEN);
return salt;
}
I think SecureRandom.nextBytes is more appropriate here and better for performance.
Comments
|