Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Unresolved
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: Security
Labels:
None

Assigned Teams:

Server Security
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

On systems with a /dev/urandom, we defer to the operating system for our source of secure pseudorandom numbers. On other systems, we sort of let the ball drop. We should use a FIPS-140-2 compliant PRNG for SecureRandom on all systems, one way or another.

is related to

SERVER-2360 Add a stronger password authentication scheme (replace md5 with sha?)

Closed

SERVER-7648 Support Use of FIPS 140-2 Compliant Crypto Library

Closed

SERVER-17422 Improve random number number gen

Closed

related to

SERVER-21253 Improve structure and functionality of random number generation classes

Backlog

SERVER-20919 Use OpenSSL to generate IVs

Closed

Assignee:: [DO NOT USE] Backlog - Security Team
Reporter:: Andy Schwerin
Participants:: [DO NOT USE] Backlog - Security Team, Andy Schwerin, Mark Benvenuto
Votes:: 0 Vote for this issue
Watchers:: 7 Start watching this issue

Created:: Mar 21 2013 05:01:20 PM UTC
Updated:: Dec 06 2022 05:22:54 AM UTC
Confidence Status Last Update:: 29/Sep/17 8:43 PM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates