ページ

2013/12/22

[Android]PRNGFixes makes SecureRandom more random

夏に Some SecureRandom Thoughts | Android Developers Blogという記事や
Androidの乱数生成機能の問題、36万以上のアプリに影響する恐れという記事があり、
へーとか思いながらスルーしていたんだけど SecureRandom を使う機会があったので
対策コードを適用した Application クラスを作ってみた。

add PRNGFixes · 1c3d52c · wada811/AndroidLibrary-wada811

/*
 * Copyright 2013 wada811<at.wada811@gmail.com>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package at.wada811.app;

import android.app.Application;
import at.wada811.security.PRNGFixes;
import java.security.SecureRandom;

/**
 * Fixes for the output of the default PRNG having low entropy.
 * {@link PRNGFixes} makes {@link SecureRandom} more random.
 * 
 * @see <a href="http://android-developers.blogspot.jp/2013/08/some-securerandom-thoughts.html">Some
 *      SecureRandom Thoughts | Android Developers Blog</a>
 */
public class AppFixedPRNG extends Application {

    @Override
    public void onCreate(){
        super.onCreate();
        PRNGFixes.apply();
    }

}

こんな感じで使おう!
public class App extends AppFixedPRNG {

}
<application android:name=".App" >

アプリ内課金のノンスとかも SecureRandom を使っているらしいし、忘れないようにしよう。