KEYCLOAK-2148: Update HmacOTP to make use of SecureRandom

2015-11-26 15:53:56 -02:00 · 2015-11-26 15:53:56 -02:00 · 0d582a1326
commit 0d582a1326
parent 4a020d545b
1 changed files with 2 additions and 2 deletions
--- a/model/api/src/main/java/org/keycloak/models/utils/HmacOTP.java
+++ b/model/api/src/main/java/org/keycloak/models/utils/HmacOTP.java
@ -3,7 +3,7 @@ package org.keycloak.models.utils;
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
 import java.math.BigInteger;
-import java.util.Random;
+import java.security.SecureRandom;

 /**
 * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -29,7 +29,7 @@ public class HmacOTP {

    public static String generateSecret(int length) {
        String chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVW1234567890";
-        Random r = new Random();
+        SecureRandom r = new SecureRandom();
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < length; i++) {
            char c = chars.charAt(r.nextInt(chars.length()));