I forgot to replace Random with SecureRandom for the RNG used for gen…

…erating passphrases/passwords... bad oversight on my part.
GoSimpleLLC · Dec 23, 2016 · 6afa11b · 6afa11b
1 parent 0a1fc3d
commit 6afa11b
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -81,7 +81,7 @@ Password #2, while not allowed by our policy, is only susceptible to a brute for
 <dependency>
     <groupId>me.gosimple</groupId>
     <artifactId>nbvcxz</artifactId>
-    <version>1.3.0</version>
+    <version>1.3.1</version>
 </dependency>
 ```
 
@@ -90,7 +90,7 @@ Password #2, while not allowed by our policy, is only susceptible to a brute for
 
 ### Standalone
 To use as a stand-alone program, just compile, and run it by calling:
-`java -jar nbvcxz-1.3.0.jar`
+`java -jar nbvcxz-1.3.1.jar`
 ![alt text](http://i.imgur.com/9c070FX.png)
 
 ### Library

diff --git a/pom.xml b/pom.xml
@@ -7,7 +7,7 @@
     <groupId>me.gosimple</groupId>
     <artifactId>nbvcxz</artifactId>
     <packaging>jar</packaging>
-    <version>1.3.0</version>
+    <version>1.3.1</version>
 
     <name>nbvcxz</name>
     <description>Nbvcxz takes heavy inspiration from the zxcvbn library built by Dropbox, and in a lot of ways is

diff --git a/src/main/java/me/gosimple/nbvcxz/resources/Generator.java b/src/main/java/me/gosimple/nbvcxz/resources/Generator.java
@@ -1,17 +1,19 @@
 package me.gosimple.nbvcxz.resources;
 
-import java.util.Random;
+import java.security.SecureRandom;
 
 /**
  * Password generation class
+ *
  * @author Adam Brusselback.
  */
 public class Generator
 {
     /**
      * Generates a passphrase from the eff_large standard dictionary with the requested word count.
+     *
      * @param delimiter delimiter to place between words
-     * @param words the count of words you want in your passphrase
+     * @param words     the count of words you want in your passphrase
      * @return the passphrase
      */
     public static String generatePassphrase(final String delimiter, final int words)
@@ -21,15 +23,16 @@ public static String generatePassphrase(final String delimiter, final int words)
 
     /**
      * Generates a passphrase from the supplied dictionary with the requested word count.
-     * @param delimiter delimiter to place between words
-     * @param words the count of words you want in your passphrase
+     *
+     * @param delimiter  delimiter to place between words
+     * @param words      the count of words you want in your passphrase
      * @param dictionary the dictionary to use for generating this passphrase
      * @return the passphrase
      */
     public static String generatePassphrase(final String delimiter, final int words, final Dictionary dictionary)
     {
         String result = "";
-        final Random rnd = new Random();
+        final SecureRandom rnd = new SecureRandom();
         final int high = dictionary.getSortedDictionary().size();
         for (int i = 1; i <= words; i++)
         {
@@ -44,8 +47,9 @@ public static String generatePassphrase(final String delimiter, final int words,
 
     /**
      * Generates a random password of the specified length with the specified characters.
+     *
      * @param characterTypes the types of characters to include in the password
-     * @param length the length of the password
+     * @param length         the length of the password
      * @return the password
      */
     public static String generateRandomPassword(final CharacterTypes characterTypes, final int length)
@@ -74,7 +78,7 @@ public static String generateRandomPassword(final CharacterTypes characterTypes,
         }
 
         final int charactersLength = characters.length();
-        final Random rnd = new Random();
+        final SecureRandom rnd = new SecureRandom();
 
         for (int i = 0; i < length; i++)
         {