...
MSC02-EX1: Using the default constructor for java.util.Random applies a seed value that is "very likely to be distinct from any other invocation of this constructor" (API 2006), and may improve security marginally. ThereforeAs a result, it may only be used for non-critical applications operating on non-sensitive data. Java's default seed uses the system's time in milliseconds. When used, explicit documentation of this exception is required.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="2820c38e632b75c5-23b5f1a6-4ea94d1d-b6d0be68-b3a8b1697813ca2abd5ef754"><ac:plain-text-body><![CDATA[ | [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE ID 330 | http://cwe.mitre.org/data/definitions/330.html] "Use of Insufficiently Random Values" | ]]></ac:plain-text-body></ac:structured-macro> |
| CWE ID 327 "Use of a Broken or Risky Cryptographic Algorithm" | ||||
| CWE ID 330 "Use of Insufficiently Random Values" | ||||
| CWE ID 333 "Improper Handling of Insufficient Entropy in TRNG" | ||||
| CWE ID 332 "Insufficient Entropy in PRNG" | ||||
| CWE ID 337 "Predictable Seed in PRNG" | ||||
| CWE ID 336 "Same Seed in PRNG" |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ac8a0d5d82b97a63-43ee9815-48bf498e-909badb3-5bb18746284a3a6a9d546d2a"><ac:plain-text-body><![CDATA[ | [[API 2006 | https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-API06]] | [Class Random | http://java.sun.com/javase/6/docs/api/java/util/Random.html] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e419dbc6427849cb-f2a0dcd4-48b847dd-bab396ad-4c6ffb407b9c48de8dcb3902"><ac:plain-text-body><![CDATA[ | [[API 2006 | https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-API06]] | [Class SecureRandom | http://java.sun.com/javase/6/docs/api/java/security/SecureRandom.html] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="2c268db2f72d74f5-94be00eb-49f142a4-8d75b020-5cf2dd6f0885f391b25e23a6"><ac:plain-text-body><![CDATA[ | [[Find Bugs 2008 | https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-FindBugs08]] | BC: Random objects created and used only once | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0d78ca3e11d05649-f0eb7b8b-4d2e40fa-9e0b8516-09d3769d10e2234c38978d4a"><ac:plain-text-body><![CDATA[ | [[Monsch 2006 | AA. Bibliography#Monsch 06]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
...