Bug #3684

include PRNGFixes.java

Added by hans over 3 years ago. Updated over 3 years ago.

Status: New
Start date: 08/27/2014
Priority: Urgent
Due date:
Assignee: -
% Done: 0%
Category: -
Spent time: -
Target version: -
Component:

Description

The cryptographically secure random number generator exposed to Android through the Java Cryptography Architecture is not properly initialized on some older unpatched versions of Android. Google provides a PRNGFixes.java class to force secure seeding of the CSRNG on all platform versions. This comment adds the PRNGFixes class and a call to invoke the fixes from the FDroidApp class.

More detail is available from the Google Android Developers blog post on the subject:
http://android-developers.blogspot.ca/2013/08/some-securerandom-thoughts.html


Related issues

Related to NoteCipher - Bug #3685: include PRNGFixes.java (Resolved, 08/27/2014)

History

#1 Updated by hans over 3 years ago

For the record, cacheword includes PRNGFixes.java. Google recommends that it is run in Application.onCreate(), and it doesn't look like cacheword is being started in there. It is really easy to include, so better safe than sorry :-) Just copy PRNGFixes.java anywhere in your project, then run PRNGFixes.apply() in your Application subclass's onCreate():

https://github.com/guardianproject/notecipher/commit/ae993855a070df642e6022e4c8431bbb798d544b
