000024982 - How to use JSAFE_SecureRandom in RSA BSAFE Crypto-J

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000024982
Applies ToRSA BSAFE Crypto-J 2.1 - 3.2
RSA BSAFE Cert-J 1.0 and 1.8
IssueHow to use JSAFE_SecureRandom in RSA BSAFE Crypto-J
Sun made an undocumented change to JDK 1.2 which produced a bug in Crypto-J when using the setSeed() method with JSAFE_SecureRandom
CauseIf the setSeed method is used then the first time it is called JSAFE_SecureRandom does not actually use the seed that was set.  However, if the seed() method is used there is no problem.  Also, if setSeed() is called more than once there is no problem.
ResolutionThere are patches available for all Crypto-J version up though 3.2.  These patches are available at http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_J_SecurityPatch.html, which contains a description of the problem and the patches for each version of Crypto-J.
This bug was fixed in Crypto-J 3.2.1
Legacy Article IDa2629