Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by NavBot

...

Wiki Markup
\[[API 06|https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-API06]\] [Class Random|http://java.sun.com/javase/6/docs/api/java/util/Random.html]
\[[API 06|https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-API06]\] [Class SecureRandom|http://java.sun.com/javase/6/docs/api/java/security/SecureRandom.html]
\[[Find Bugs 08|https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-FindBugs08]\] BC: Random objects created and used only once
\[[Monsch 06|AA. Java References#Monsch 06]\]
\[[MITRE 09|AA. Java References#MITRE 09]\] [CWE ID 330|http://cwe.mitre.org/data/definitions/330.html] "Use of Insufficiently Random Values", [CWE ID 327 |http://cwe.mitre.org/data/definitions/327.html], "Use of a Broken or Risky Cryptographic Algorithm," [CWE ID 330|http://cwe.mitre.org/data/definitions/330.html], "Use of Insufficiently Random Values", [CWE ID 333| http://cwe.mitre.org/data/definitions/333.html] "Failure to Handle Insufficient Entropy in TRNG", [CWE ID 332|http://cwe.mitre.org/data/definitions/332.html] "Insufficient Entropy in PRNG", [CWE ID 337|http://cwe.mitre.org/data/definitions/337.html] "Predictable Seed in PRNG", [CWE ID 336|http://cwe.mitre.org/data/definitions/336.html] "Same Seed in PRNG"

...

MSC07MSC09-J. Do not assume infinite heap spaceuse insecure or weak cryptographic algorithms      49. Miscellaneous (MSC)      MSC31-J. Never hardcode sensitive information