Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Unresolved
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: Security
Labels:
- server-security-triage-reviewed

Assigned Teams:

Server Security
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

On systems with a /dev/urandom, we defer to the operating system for our source of secure pseudorandom numbers. On other systems, we sort of let the ball drop. We should use a FIPS-140-2 compliant PRNG for SecureRandom on all systems, one way or another.

is related to

SERVER-2360 Add a stronger password authentication scheme (replace md5 with sha?)

Closed

SERVER-7648 Support Use of FIPS 140-2 Compliant Crypto Library

Closed

SERVER-17422 Improve random number number gen

Closed

related to

SERVER-20919 Use OpenSSL to generate IVs

Closed

SERVER-21253 Improve structure and functionality of random number generation classes

Closed

Assignee:: Unassigned
Reporter:: Andy Schwerin (Inactive)
Participants:: Andy Schwerin, Mark Benvenuto
Votes:: 0 Vote for this issue
Watchers:: 7 Start watching this issue

Created:: Mar 21 2013 05:01:20 PM UTC
Updated:: May 13 2026 06:40:05 AM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates