tinixx / connectbot

Automatically exported from code.google.com/p/connectbot
Apache License 2.0
0 stars 0 forks source link

work around Android SecureRandom flaw #663

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Since connectbot uses SecureRandom in a number of places, it ought to include 
Google's fix for the bug(s) that make SecureRandom less random than it should 
be on Android:

http://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html

(No, there's no way to "reproduce" this issue... it's purely theoretical, up 
until the time when someone manages to decrypt your connection due to poor 
randomness.)

Original issue reported on code.google.com by ppell...@speakeasy.net on 27 Aug 2013 at 10:19

GoogleCodeExporter commented 9 years ago
I'd love to see the priority bumped on this. I've had to disable all of the 
ConnectBot keys in use at my org and start carrying around my laptop when on 
call again.

Original comment by star...@gmail.com on 6 Sep 2013 at 9:39