[ https://issues.apache.org/jira/browse/JCLOUDS-1512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16913451#comment-16913451 ]
ASF subversion and git services commented on JCLOUDS-1512: ---------------------------------------------------------- Commit 7b1efdc30746e68333198c332bbca3f336f68098 in jclouds's branch refs/heads/master from Colm O hEigeartaigh [ https://gitbox.apache.org/repos/asf?p=jclouds.git;h=7b1efdc ] JCLOUDS-1512 - Use SecureRandom in Sha512Crypt > Use SecureRandom in Sha512Crypt > ------------------------------- > > Key: JCLOUDS-1512 > URL: https://issues.apache.org/jira/browse/JCLOUDS-1512 > Project: jclouds > Issue Type: Improvement > Reporter: Colm O hEigeartaigh > Priority: Major > Time Spent: 20m > Remaining Estimate: 0h > > Sha512Crypt uses java.util.Random to generate a random salt which is not > secure. For reference, the Commons Codec Sha512Crypt implementation uses > SecureRandom if a user-specified salt is not supplied: > [https://github.com/apache/commons-codec/blob/30e5768186f73552b5f1634a76cf2c12bf26b5bb/src/main/java/org/apache/commons/codec/digest/Sha2Crypt.java#L138] > [https://github.com/apache/commons-codec/blob/30e5768186f73552b5f1634a76cf2c12bf26b5bb/src/main/java/org/apache/commons/codec/digest/B64.java#L81] > > -- This message was sent by Atlassian Jira (v8.3.2#803003)