jmestwa-coder opened a new pull request, #1439: URL: https://github.com/apache/wicket/pull/1439
## Summary

Replace `java.util.Random` with `SecureRandom` in cryptographic usage and remove hardcoded `"SHA1PRNG"`.

## Changes

* Use `SecureRandom` for salt generation in `SunJceCrypt`
* Replace `"SHA1PRNG"` with `new SecureRandom()` in `DefaultSecureRandomSupplier`

## Why

* `Random` is predictable and not suitable for cryptographic use
* Salt generation requires high-entropy randomness
* Avoid hardcoded PRNG and let JVM choose the appropriate provider

## Impact

* No API or behavior changes
* Backward compatible
* Improves randomness quality in security-sensitive paths

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
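The contrast this pull request describes, as an added example that is not code from Wicket or from the pull request: a salt drawn from `java.util.Random` next to one drawn from `SecureRandom`. The class name `SaltDemo`, the helper methods, the 8-byte salt length and the seed value are assumptions made for illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;

public class SaltDemo {
    static final int SALT_LEN = 8; // assumed salt length for this demo

    // Weak form: every byte is a deterministic function of the seed.
    static byte[] weakSalt(long seed) {
        byte[] salt = new byte[SALT_LEN];
        new Random(seed).nextBytes(salt);
        return salt;
    }

    // Hardened form: bytes come from the CSPRNG passed in.
    static byte[] strongSalt(SecureRandom rng) {
        byte[] salt = new byte[SALT_LEN];
        rng.nextBytes(salt);
        return salt;
    }

    public static void main(String[] args) {
        long seed = 42L; // constructed sample seed

        // Same seed, same salt: the salt carries no entropy beyond the seed.
        System.out.println("same seed, same salt:        "
                + Arrays.equals(weakSalt(seed), weakSalt(seed)));

        // java.util.Random keeps only the low 48 bits of the seed, so two
        // seeds that differ only above bit 47 yield identical salts.
        System.out.println("seed and seed + 2^48 agree:  "
                + Arrays.equals(weakSalt(seed), weakSalt(seed + (1L << 48))));

        // Default constructor: the JVM picks its preferred provider.
        SecureRandom preferred = new SecureRandom();
        System.out.println("JVM-selected algorithm:      " + preferred.getAlgorithm());
        System.out.println("two strong salts differ:     "
                + !Arrays.equals(strongSalt(preferred), strongSalt(preferred)));

        // Hardcoded name: pins one algorithm and fails where it is not installed.
        try {
            System.out.println("pinned algorithm:            "
                    + SecureRandom.getInstance("SHA1PRNG").getAlgorithm());
        } catch (NoSuchAlgorithmException e) {
            System.out.println("SHA1PRNG unavailable on this JVM: " + e.getMessage());
        }
    }
}
```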
