-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P4
-
Affects Version/s: 8, 11, 13
-
Component/s: security-libs
-
b23
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8225820 | 14 | Sean Coffey | P4 | Resolved | Fixed | team |
While looking at JDK-6491602, I did a search of the codebase to look for similar occurrences. This one came up.
(src/java.base/macosx/classes/apple/security/KeychainStore.java)
private byte[] getSalt()
{
// Generate a random salt.
byte[] salt = new byte[SALT_LEN];
if (random == null) {
random = new SecureRandom();
}
salt = random.generateSeed(SALT_LEN);
return salt;
}
I think SecureRandom.nextBytes is more appropriate here and better for performance.
(src/java.base/macosx/classes/apple/security/KeychainStore.java)
private byte[] getSalt()
{
// Generate a random salt.
byte[] salt = new byte[SALT_LEN];
if (random == null) {
random = new SecureRandom();
}
salt = random.generateSeed(SALT_LEN);
return salt;
}
I think SecureRandom.nextBytes is more appropriate here and better for performance.
- backported by
-
JDK-8225820 apple.security.KeychainStore.getSalt() calling generateSeed()
-
- Resolved
-
- relates to
-
-
- Closed
-