Skip to content

O
Openfire
Commit 08eb2993 authored by Guus der Kinderen's avatar Guus der Kinderen
Browse files
Options

Default to strong RNG for encryption.

parent ccfee2ea
Show whitespace changes
Inline Side-by-side
Showing with 3 additions and 4 deletions
src/java/org/jivesoftware/util/Blowfish.java
View file @ 08eb2993
...@@ -15,6 +15,7 @@ ...@@ -15,6 +15,7 @@
package org.jivesoftware.util; package org.jivesoftware.util;
import java.security.MessageDigest; import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Random; import java.util.Random;
import org.slf4j.Logger; import org.slf4j.Logger;
...@@ -31,7 +32,7 @@ public class Blowfish implements Encryptor { ...@@ -31,7 +32,7 @@ public class Blowfish implements Encryptor {
private static final Logger Log = LoggerFactory.getLogger(Blowfish.class); private static final Logger Log = LoggerFactory.getLogger(Blowfish.class);
private BlowfishCBC m_bfish; private BlowfishCBC m_bfish;
private static Random m_rndGen = new Random(); private static Random m_rndGen = new SecureRandom();
private static final String DEFAULT_KEY = "Blowfish-CBC"; private static final String DEFAULT_KEY = "Blowfish-CBC";
/** /**
...@@ -52,9 +53,7 @@ public class Blowfish implements Encryptor { ...@@ -52,9 +53,7 @@ public class Blowfish implements Encryptor {
} }
/** /**
* Encrypts a string (treated in UNICODE) using the * Encrypts a string (treated in UNICODE).
* standard Java random generator, which isn't that
* great for creating IVs
* *
* @param sPlainText string to encrypt * @param sPlainText string to encrypt
* @return encrypted string in binhex format * @return encrypted string in binhex format
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023