Bug #3683
include PRNGFixes.java
Status: | New | Start date: | 08/27/2014 | |
---|---|---|---|---|
Priority: | Urgent | Due date: | ||
Assignee: | - | % Done: | 0% | |
Category: | - | Spent time: | - | |
Target version: | - | |||
Component: |
Description
The cryptographically secure random number generator exposed to Android through the Java Cryptography Architecture is not properly initialized on some older unpatched versions of Android. Google provides a PRNGFixes.java
class to force secure seeding of the CSRNG on all platform versions. This comment adds the PRNGFixes class & and a call to invoke the fixes from the FDroidApp class.
More detail is available from the Google Android Developers blogpost on the subject:
http://android-developers.blogspot.ca/2013/08/some-securerandom-thoughts.html
Related issues
History
#1 Updated by hans over 3 years ago
For the record, cacheword includes PRNGFixes.java
. Google recommends that it is run in Application.onCreate()
, and it doesn't look like cacheword is being started in there. It is really easy to include, so better safe than sorry :-) Just copy PRNGFixes.java
anywhere in your project, then run PRNGFixes.apply()
in your Appliction
subclass's onCreate()
:
https://github.com/guardianproject/notecipher/commit/ae993855a070df642e6022e4c8431bbb798d544b