diff --git a/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/TotpBean.java b/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/TotpBean.java
index fd7b4da..bf5148d 100755
--- a/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/TotpBean.java
+++ b/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/TotpBean.java
@@ -27,6 +27,7 @@ import org.keycloak.models.utils.Base32;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLEncoder;
+import java.security.SecureRandom;
import java.util.Random;
@@ -50,15 +51,22 @@ public class TotpBean {
private static String randomString(int length) {
String chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVW1234567890";
- Random r = new Random();
StringBuilder sb = new StringBuilder();
for (int i = 0; i < length; i++) {
- char c = chars.charAt(r.nextInt(chars.length()));
+ char c = chars.charAt(random.nextInt(chars.length()));
sb.append(c);
}
return sb.toString();
}
+ private static final SecureRandom random;
+
+ static
+ {
+ random = new SecureRandom();
+ random.nextInt();
+ }
+
public boolean isEnabled() {
return enabled;
}
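Review bot: The `chars` alphabet in `randomString` stops at `W`, so `X`, `Y` and `Z` are never drawn and each character carries slightly less entropy than the full 62-symbol set; since this commit hardens the generator, the string could be completed in the same change: `String chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";`. The static initializer discards the result of `random.nextInt()`, presumably to force seeding at class-load time rather than on the first request. A comment such as `// draw once so the generator is seeded at class load, not on the first request` would record that intent, or the block could collapse to `private static final SecureRandom random = new SecureRandom();` if eager seeding is not needed. `import java.util.Random;` is kept in the import hunk and may now be unused if nothing else in the file references it.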