ssh: use a single SecureRandom instance for hashing hostnames
According to Spotbugs, that's better practice. It's questionable whether it makes a big difference, though, especially since the hash is the cryptographically weak SHA1. Change-Id: Id293de2bad809d9cc19230bd720184786dc6c226 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
parent
af0126e1d0
commit
180bc67e28
|
@ -34,6 +34,7 @@
|
|||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Random;
|
||||
import java.util.TreeSet;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
import java.util.function.Supplier;
|
||||
|
@ -138,6 +139,8 @@ public class OpenSshServerKeyDatabase
|
|||
|
||||
private final List<HostKeyFile> defaultFiles = new ArrayList<>();
|
||||
|
||||
private Random prng;
|
||||
|
||||
/**
|
||||
* Creates a new {@link OpenSshServerKeyDatabase}.
|
||||
*
|
||||
|
@ -680,7 +683,9 @@ private String createHostKeyLine(Collection<SshdSocketAddress> patterns,
|
|||
// or to Apache MINA sshd.
|
||||
NamedFactory<Mac> digester = KnownHostDigest.SHA1;
|
||||
Mac mac = digester.create();
|
||||
SecureRandom prng = new SecureRandom();
|
||||
if (prng == null) {
|
||||
prng = new SecureRandom();
|
||||
}
|
||||
byte[] salt = new byte[mac.getDefaultBlockSize()];
|
||||
for (SshdSocketAddress address : patterns) {
|
||||
if (result.length() > 0) {
|
||||
|
|