Use SecureRandom instead of Random (#15459)

Make sure that SecureRadom is used whenever the random number is used for cryptographic operations, e.g. as nonce/salt. Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
2023-08-20 21:29:37 +02:00
parent e86998000e
commit 95ac2eb80b
7 changed files with 14 additions and 7 deletions
--- a/bundles/org.openhab.binding.kostalinverter/src/main/java/org/openhab/binding/kostalinverter/internal/thirdgeneration/ThirdGenerationEncryptionHelper.java
+++ b/bundles/org.openhab.binding.kostalinverter/src/main/java/org/openhab/binding/kostalinverter/internal/thirdgeneration/ThirdGenerationEncryptionHelper.java
@@ -17,6 +17,7 @@ import static org.openhab.binding.kostalinverter.internal.thirdgeneration.ThirdG
 import java.security.InvalidKeyException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.security.spec.InvalidKeySpecException;
 import java.util.Base64;
 import java.util.Random;
@@ -105,7 +106,7 @@ final class ThirdGenerationEncryptionHelper {
     * @return nonce
     */
    static String createClientNonce() {
-        Random generator = new Random();
+        Random generator = new SecureRandom();

        // Randomize the random generator
        byte[] randomizeArray = new byte[1024];