Info Call to Random API

Description

List of all calls to methods that return pseudo-random values.

Recommendation

Do not seed Random with the current time because that value is more predictable to an attacker than the default seed.

The java.util.Random class must not be used either for security-critical applications or for protecting sensitive data. Use a more secure random number generator, such as the java.security.SecureRandom class.

Technical details

Method bE.<clinit>() calling method java.util.Random.<init>()


    static bE()
    {
        bE.a = PD.a("jcifs.smb.lmCompatibility", 3);
        bE.b = new java.util.Random();
        bE.c = qE.a();
        bE v0_2 = new byte[8];
        v0_2 = {75, 71, 83, 33, 64, 35, 36, 37};
        bE.d = v0_2;
        bE.h = new bE("", "", "");
        bE.i = new bE("", "", "");
        bE.j = new bE("?", "GUEST", "");
        bE.k = new bE(0);
        return;
    }

Method ZD.<clinit>() calling method java.security.SecureRandom.<init>()


    static ZD()
    {
        ZD.j = new java.security.SecureRandom();
        int v0_5 = 1;
        if (!PD.a("jcifs.smb.client.useUnicode", 1)) {
            v0_5 = 2;
        }
        ZD.d = (v0_5 | 512);
        ZD.e = PD.a("jcifs.smb.client.domain", 0);
        ZD.f = PD.a("jcifs.smb.client.username", 0);
        ZD.g = PD.a("jcifs.smb.client.password", 0);
        try {
        } catch (java.net.UnknownHostException) {
        }
        ZD.h = UD.c().b();
        ZD.i = PD.a("jcifs.smb.lmCompatibility", 3);
        return;
    }

Method org.apache.cordova.CordovaBridge.generateBridgeSecret() calling method java.security.SecureRandom.<init>()


    public int generateBridgeSecret()
    {
        this.expectedBridgeSecret = new java.security.SecureRandom().nextInt(2147483647);
        return this.expectedBridgeSecret;
    }

Method iC$b.g() calling method java.security.SecureRandom.<init>()


    public static void g()
    {
        if (android.os.Build$VERSION.SDK_INT <= 18) {
            String v0_12 = java.security.Security.getProviders("SecureRandom.SHA1PRNG");
            try {
                if ((v0_12 == null) || ((v0_12.length < 1) || (!v0_12[0].getClass().getSimpleName().equals(iC$b$b.getSimpleName())))) {
                    java.security.Security.insertProviderAt(new iC$b$b(), 1);
                }
            } catch (String v0_18) {
                throw v0_18;
            }
            String v0_8 = new java.security.SecureRandom();
            if (!v0_8.getProvider().getClass().getSimpleName().equals(iC$b$b.getSimpleName())) {
                StringBuilder v3_6 = new StringBuilder();
                v3_6.append("new SecureRandom() backed by wrong Provider: ");
                v3_6.append(v0_8.getProvider().getClass());
                throw new SecurityException(v3_6.toString());
            } else {
                try {
                    String v0_14 = java.security.SecureRandom.getInstance("SHA1PRNG");
                } catch (SecurityException v2_7) {
                    new SecurityException("SHA1PRNG not available", v2_7);
                }
                if (!v0_14.getProvider().getClass().getSimpleName().equals(iC$b$b.getSimpleName())) {
                    StringBuilder v3_11 = new StringBuilder();
                    v3_11.append("SecureRandom.getInstance(\"SHA1PRNG\") backed by wrong Provider: ");
                    v3_11.append(v0_14.getProvider().getClass());
                    throw new SecurityException(v3_11.toString());
                } else {
                    return;
                }
            }
        } else {
            return;
        }
    }