...

This noncompliant code example uses the insecure java.util.Random class. This class produces an identical sequence of numbers for each given seed value; consequently, the sequence of numbers is predictable.

import java.util.Random;
// ...

public class NoncompliantExample {
  public static void main(String[] args) {
    // Fixed seed: every run yields the identical sequence, so the values are predictable
    Random number = new Random(123L);
    // ...
    for (int i = 0; i < 20; i++) {
      // Generate another random integer in the range [0, 20]
      int n = number.nextInt(21);
      System.out.println(n);
    }
  }
}

...

MSC02-EX1: Predictable sequences of pseudorandom numbers are required in some cases, such as when running regression tests of program behavior. Use of the insecure java.util.Random class is permitted in such cases. However, security-related applications may invoke this exception only for testing purposes; this exception may not be applied in a production context.
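As an added example (not code from the CERT page), the class below shows both points above: the same seed reproduces the java.util.Random sequence exactly, and a token generator that takes its generator as a parameter so production code passes a SecureRandom while a regression test, under MSC02-EX1, may pass a seeded Random. The class and method names are assumptions of this example.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;

public final class RandomnessDemo {

    /** Draws 20 values in [0, 20] from the given generator, as the noncompliant loop does. */
    static int[] draw(Random rng) {
        int[] out = new int[20];
        for (int i = 0; i < out.length; i++) {
            out[i] = rng.nextInt(21);
        }
        return out;
    }

    /** Two java.util.Random instances built from the same seed emit the same sequence. */
    static boolean seededSequencesMatch(long seed) {
        return Arrays.equals(draw(new Random(seed)), draw(new Random(seed)));
    }

    /**
     * Hex-encodes a random token. Production callers must pass a SecureRandom
     * (it self-seeds from the platform CSPRNG); a regression test may pass a
     * seeded Random so that expected output is reproducible, per MSC02-EX1.
     * SecureRandom extends Random, so one signature serves both uses.
     */
    static String newToken(Random rng, int numBytes) {
        byte[] buf = new byte[numBytes];
        rng.nextBytes(buf);
        StringBuilder sb = new StringBuilder(numBytes * 2);
        for (byte b : buf) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Prints true: a fixed seed makes java.util.Random fully predictable
        System.out.println("same seed reproduces sequence: " + seededSequencesMatch(123L));
        // Production path: strong generator, unseeded
        System.out.println("production token: " + newToken(new SecureRandom(), 16));
        // Test-only path (MSC02-EX1): deterministic, never to be used in production
        System.out.println("test token:       " + newToken(new Random(123L), 16));
    }
}
```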

Risk Assessment

...

...