From 65888164ce31d789d7469a22dad7a539179487d4 Mon Sep 17 00:00:00 2001 From: dexter Date: Mon, 28 Feb 2022 12:03:51 +0800 Subject: [PATCH] Change: Random -> SecureRandom, MD5 -> SHA-256 --- .../connection/EncryptionUtils.java | 4 ++-- .../idpass/smartshare/connection/Utils.java | 22 +++++++++---------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/smartshare/src/main/java/org/idpass/smartshare/connection/EncryptionUtils.java b/smartshare/src/main/java/org/idpass/smartshare/connection/EncryptionUtils.java index 4b673b4..f287a5e 100644 --- a/smartshare/src/main/java/org/idpass/smartshare/connection/EncryptionUtils.java +++ b/smartshare/src/main/java/org/idpass/smartshare/connection/EncryptionUtils.java @@ -236,7 +236,7 @@ private String edPub2curvePub(String edPub) throws SodiumException { /** * Encrypts payload and chunk it into small pieces. The first chunk type is the - * begin chunk that describes the total count of chunks, the size and MD5 of the + * begin chunk that describes the total count of chunks, the size and hash of the * payload. It is followed by a series of chunk types with the chunk content * and its fractional percentage relative to the whole. The last is the end chunk * which contains the nonce used to encrypt the payload. @@ -264,7 +264,7 @@ public BlockingQueue chunkPayload(String payload, String pubkeyED255 beginJson.put("type", "begin"); beginJson.put("count", chunksCount); beginJson.put("size", payload.getBytes().length); - beginJson.put("md5", Utils.md5(payload)); + beginJson.put("hash", Utils.computeHash(payload)); outbound.add(beginJson); int n = 1; diff --git a/smartshare/src/main/java/org/idpass/smartshare/connection/Utils.java b/smartshare/src/main/java/org/idpass/smartshare/connection/Utils.java index e389620..bf5d457 100644 --- a/smartshare/src/main/java/org/idpass/smartshare/connection/Utils.java +++ b/smartshare/src/main/java/org/idpass/smartshare/connection/Utils.java @@ -23,9 +23,9 @@ import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; import java.util.ArrayList; import java.util.List; -import java.util.Random; /** * Some common generic utility functions @@ -37,7 +37,7 @@ static public void pause(int nsec) { int pauseSeconds = nsec; // Randomize it if not supplied if (pauseSeconds <= 0) { - Random ran = new Random(); + SecureRandom ran = new SecureRandom(); pauseSeconds = 9 + ran.nextInt(30); Log.d(TAG, "pause " + pauseSeconds); } @@ -53,7 +53,7 @@ static public void pause(int nsec) { static String getRandomString(int len) { String SALTCHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; StringBuilder salt = new StringBuilder(); - Random rnd = new Random(); + SecureRandom rnd = new SecureRandom(); while (salt.length() < len) { // length of the random string. int index = (int) (rnd.nextFloat() * SALTCHARS.length()); salt.append(SALTCHARS.charAt(index)); @@ -89,17 +89,17 @@ static public List splitPayload(String payload) { } /** - * Calculates the MD5 checksum. + * Calculates the hash. * - * @param text The text data to compute an MD5 checksum from - * @return Returns the MD5 checksum of text + * @param text The text data to compute a hash from + * @return Returns the hash of text */ - static public String md5(String text) { - MessageDigest md5 = null; + static public String computeHash(String text) { + MessageDigest hash = null; try { - md5 = MessageDigest.getInstance("MD5"); - md5.update(text.getBytes()); - byte[] buf = md5.digest(); // echo -ne 'apple' | md5 + hash = MessageDigest.getInstance("SHA-256"); + hash.update(text.getBytes()); + byte[] buf = hash.digest(); // echo -ne 'apple' | sha256sum return toHexString(buf); } catch (NoSuchAlgorithmException e) { e.printStackTrace();