commons-issues mailing list archives

From "David Camilo Espitia Manrique (JIRA)" <>
Subject [jira] [Created] (MATH-1182) BUG - Insufficient Entropy in Commons-math3-3.3
Date Tue, 23 Dec 2014 21:56:14 GMT
David Camilo Espitia Manrique created MATH-1182:

             Summary: BUG - Insufficient Entropy in Commons-math3-3.3
                 Key: MATH-1182
             Project: Commons Math
          Issue Type: Bug
    Affects Versions: 3.3
            Reporter: David Camilo Espitia Manrique
             Fix For: 3.3

We are currently using Commons-math3-3.3 and, in the Veracode analysis, found this bug
in these classes:

1. (Line 813)
2. (Line 78 and Line 85)
3. (Line 164 and Line 172)

Type : Insufficient Entropy


Standard random number generators do not provide a sufficient amount of entropy when used
for security purposes.
Attackers can brute force the output of pseudorandom number generators such as rand().


If this random number is used where security is a concern, such as generating a session key
or session identifier, use
a trusted cryptographic random number generator instead. These can be found on the Windows
platform in the
CryptoAPI or in an open source library such as OpenSSL.


This message was sent by Atlassian JIRA
