Bug #3683

include PRNGFixes.java

Added by hans over 3 years ago. Updated over 3 years ago.

Status:NewStart date:08/27/2014
Priority:UrgentDue date:
Assignee:-% Done:


Category:-Spent time:-
Target version:-


The cryptographically secure random number generator exposed to Android through the Java Cryptography Architecture is not properly initialized on some older unpatched versions of Android. Google provides a PRNGFixes.java class to force secure seeding of the CSRNG on all platform versions. This comment adds the PRNGFixes class & and a call to invoke the fixes from the FDroidApp class.

More detail is available from the Google Android Developers blogpost on the subject:

Related issues

Related to NoteCipher - Bug #3685: include PRNGFixes.java Resolved 08/27/2014


#1 Updated by hans over 3 years ago

For the record, cacheword includes PRNGFixes.java. Google recommends that it is run in Application.onCreate(), and it doesn't look like cacheword is being started in there. It is really easy to include, so better safe than sorry :-) Just copy PRNGFixes.java anywhere in your project, then run PRNGFixes.apply() in your Appliction subclass's onCreate():


Also available in: Atom PDF