Insecure Randomness

Open QiAnXinCodeSafe opened this issue 4 years ago • 0 comments

https://github.com/bytedance/BoostMultiDex/blob/29d4110f28a4bc3571ad336fa2c27c941d185143/boost_multidex/src/main/java/com/bytedance/boost_multidex/DexInstallProcessor.java#L26

Try not to use unsafe random numbers, especially when sensitive operations such as checksums are involved.Doing so allows an attacker to control the value used to seed the pseudorandom number generator, and therefore predict the sequence of values (usually integers) produced by calls to Random.nextInt(), Random.nextShort(), Random.nextLong()

Jan 21 '21 03:01 QiAnXinCodeSafe