Merge pull request #3 from idpass/mobsfreport

Change: Random -> SecureRandom, MD5 -> SHA-256
idpass · Mar 1, 2022 · 5e8be6f · 5e8be6f
2 parents 182172d + 6588816
commit 5e8be6f
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 13 deletions.
diff --git a/smartshare/src/main/java/org/idpass/smartshare/connection/EncryptionUtils.java b/smartshare/src/main/java/org/idpass/smartshare/connection/EncryptionUtils.java
@@ -236,7 +236,7 @@ private String edPub2curvePub(String edPub) throws SodiumException {
 
     /**
      * Encrypts payload and chunk it into small pieces. The first chunk type is the
-     * begin chunk that describes the total count of chunks, the size and MD5 of the
+     * begin chunk that describes the total count of chunks, the size and hash of the
      * payload. It is followed by a series of chunk types with the chunk content
      * and its fractional percentage relative to the whole. The last is the end chunk
      * which contains the nonce used to encrypt the payload.
@@ -264,7 +264,7 @@ public BlockingQueue<JSONObject> chunkPayload(String payload, String pubkeyED255
             beginJson.put("type", "begin");
             beginJson.put("count", chunksCount);
             beginJson.put("size", payload.getBytes().length);
-            beginJson.put("md5", Utils.md5(payload));
+            beginJson.put("hash", Utils.computeHash(payload));
 
             outbound.add(beginJson);
             int n = 1;

diff --git a/smartshare/src/main/java/org/idpass/smartshare/connection/Utils.java b/smartshare/src/main/java/org/idpass/smartshare/connection/Utils.java
@@ -23,9 +23,9 @@
 
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Random;
 
 /**
  * Some common generic utility functions
@@ -37,7 +37,7 @@ static public void pause(int nsec) {
         int pauseSeconds = nsec;
         // Randomize it if not supplied
         if (pauseSeconds <= 0) {
-            Random ran = new Random();
+            SecureRandom ran = new SecureRandom();
             pauseSeconds = 9 + ran.nextInt(30);
             Log.d(TAG, "pause " + pauseSeconds);
         }
@@ -53,7 +53,7 @@ static public void pause(int nsec) {
     static String getRandomString(int len) {
         String SALTCHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
         StringBuilder salt = new StringBuilder();
-        Random rnd = new Random();
+        SecureRandom rnd = new SecureRandom();
         while (salt.length() < len) { // length of the random string.
             int index = (int) (rnd.nextFloat() * SALTCHARS.length());
             salt.append(SALTCHARS.charAt(index));
@@ -89,17 +89,17 @@ static public List<String> splitPayload(String payload) {
     }
 
     /**
-     * Calculates the MD5 checksum.
+     * Calculates the hash.
      *
-     * @param text The text data to compute an MD5 checksum from
-     * @return Returns the MD5 checksum of text
+     * @param text The text data to compute a hash from
+     * @return Returns the hash of text
      */
-    static public String md5(String text) {
-        MessageDigest md5 = null;
+    static public String computeHash(String text) {
+        MessageDigest hash = null;
         try {
-            md5 = MessageDigest.getInstance("MD5");
-            md5.update(text.getBytes());
-            byte[] buf = md5.digest(); // echo -ne 'apple' | md5
+            hash = MessageDigest.getInstance("SHA-256");
+            hash.update(text.getBytes());
+            byte[] buf = hash.digest(); // echo -ne 'apple' | sha256sum
             return toHexString(buf);
         } catch (NoSuchAlgorithmException e) {
             e.printStackTrace();