The random number generator implemented by 'new Random()' cannot withstand a cryptographic attack.Standard pseudorandom number generators cannot withstand cryptographic attacks.

2025-01-07 12:34:12 +08:00 · 2025-01-07 12:34:12 +08:00 · 55e428ea9d
commit 55e428ea9d
parent 6496ae7000
2 changed files with 5 additions and 4 deletions
--- a/ruoyi-auth/ruoyi-auth-common/src/main/java/com/ruoyi/auth/common/utils/RandomCodeUtil.java
+++ b/ruoyi-auth/ruoyi-auth-common/src/main/java/com/ruoyi/auth/common/utils/RandomCodeUtil.java
@ -1,12 +1,12 @@
 package com.ruoyi.auth.common.utils;

-import java.util.Random;
+import java.security.SecureRandom;

 public class RandomCodeUtil {

    public static String randomString(String characters, int length) {
        StringBuilder result = new StringBuilder();
-        Random random = new Random();
+        SecureRandom  random = new SecureRandom();

        for (int i = 0; i < length; i++) {
            int index = random.nextInt(characters.length());
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/KaptchaTextCreator.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/KaptchaTextCreator.java
@ -1,6 +1,7 @@
 package com.ruoyi.framework.config;

-import java.util.Random;
+import java.security.SecureRandom;
+
 import com.google.code.kaptcha.text.impl.DefaultTextCreator;

 /**
@ -16,7 +17,7 @@ public class KaptchaTextCreator extends DefaultTextCreator
    public String getText()
    {
        Integer result = 0;
-        Random random = new Random();
+        SecureRandom random = new SecureRandom();
        int x = random.nextInt(10);
        int y = random.nextInt(10);
        StringBuilder suChinese = new StringBuilder();