voucher-code-generator-java
fix: CSPRNG
A clever user with access to enough voucher codes can recover the initial state of a long-running Java process, allowing them to forge codes. Seed recovery of Knuth's PRNG is a practical attack: https://hal.archives-ouvertes.fr/hal-02700791/document
Since voucher codes may have monetary value, I would recommend applying this relatively trivial patch.
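The risk described above, as an added example that is not code from this pull request or from the project: the same code-drawing routine is driven first by `java.util.Random` and then by `java.security.SecureRandom`. The class name `VoucherRngDemo`, the `generate` helper, the alphabet, the code length and the seed value are all hypothetical and constructed for illustration.

```java
import java.security.SecureRandom;
import java.util.Random;

public class VoucherRngDemo {
    // Constructed alphabet and length; assumptions, not the project's configuration.
    static final String CHARSET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789";
    static final int LENGTH = 10;

    // Hypothetical helper: draws each character with nextInt(bound), which
    // samples uniformly for any alphabet size (no modulo bias).
    static String generate(Random rng) {
        StringBuilder sb = new StringBuilder(LENGTH);
        for (int i = 0; i < LENGTH; i++) {
            sb.append(CHARSET.charAt(rng.nextInt(CHARSET.length())));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Weak: java.util.Random is a 48-bit linear congruential generator.
        // Every future output is a function of its current state, so a second
        // instance holding the same state emits the same codes as the issuer.
        long state = 20240101L; // constructed value standing in for the issuer's state
        Random issuer = new Random(state);
        Random replica = new Random(state);
        for (int i = 0; i < 3; i++) {
            String issued = generate(issuer);
            String predicted = generate(replica);
            System.out.println("Random       issued=" + issued
                    + " predicted=" + predicted
                    + " match=" + issued.equals(predicted));
        }

        // Hardened: SecureRandom is a CSPRNG seeded from the platform entropy
        // source; observed outputs do not let a caller reconstruct its stream.
        // It extends Random, so generate() accepts it unchanged.
        SecureRandom csprng = new SecureRandom();
        for (int i = 0; i < 3; i++) {
            System.out.println("SecureRandom issued=" + generate(csprng));
        }
    }
}
```

Because `SecureRandom` is a subclass of `Random`, swapping the generator instance is a drop-in change for any code that only calls `nextInt(bound)`.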