keycloak-aplcache

Merge pull request #1882 from abstractj/KEYCLOAK-2048 KEYCLOAK-2148: …

11/26/2015 4:40:52 PM

Update HmacOTP to make use of SecureRandom

Stian Thorgersen

Commit: d510516

Tree: d8d622a

Parents: 7a9e2db
0d582a1

Changes

model/api/src/main/java/org/keycloak/models/utils/HmacOTP.java 4(+2 -2)

Details

model/api/src/main/java/org/keycloak/models/utils/HmacOTP.java 4(+2 -2)

diff --git a/model/api/src/main/java/org/keycloak/models/utils/HmacOTP.java b/model/api/src/main/java/org/keycloak/models/utils/HmacOTP.java
index 210f82b..1f42f57 100755
--- a/model/api/src/main/java/org/keycloak/models/utils/HmacOTP.java
+++ b/model/api/src/main/java/org/keycloak/models/utils/HmacOTP.java
@@ -3,7 +3,7 @@ package org.keycloak.models.utils;
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
 import java.math.BigInteger;
-import java.util.Random;
+import java.security.SecureRandom;
 
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -29,7 +29,7 @@ public class HmacOTP {
 
     public static String generateSecret(int length) {
         String chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVW1234567890";
-        Random r = new Random();
+        SecureRandom r = new SecureRandom();
         StringBuilder sb = new StringBuilder();
         for (int i = 0; i < length; i++) {
             char c = chars.charAt(r.nextInt(chars.length()));