
I have created a class that generates random words (Alphanumerical) using org.apache.commons.lang.RandomStringUtils.

    public String randomWord(int wordLength) {
        return RandomStringUtils.random(wordLength, 0, 0, true, true, null, new SecureRandom());
    }

This code works perfectly; however, when I submit it to Veracode, I get a medium error: "Insufficient Entropy (CWE ID 331)".

I thought that using SecureRandom would have been enough to fix this error, but it is not, and I have no idea why.

Why is using SecureRandom not good enough or secure enough?
Is there a way of using org.apache.commons.lang.RandomStringUtils without making Veracode unhappy? Is there any other secure library that could be used to generate secure random alphanumerical words?

D.PETIT

0 Answers
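
An added example, not from the original post and not part of commons-lang: a generator that draws each character directly from `SecureRandom`, with no third-party helper between the call site and the CSPRNG, plus the entropy that a word of a given length carries. The class name, the 62-character alphabet and the 128-bit target are assumptions; the page does not establish how Veracode scores this form.

```java
import java.security.SecureRandom;

// Added example: hypothetical class, not the poster's code.
public final class SecureWordGenerator {
    // Assumption: "alphanumerical" means the 62 ASCII letters and digits.
    private static final char[] ALPHABET =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".toCharArray();

    // One shared, self-seeding instance instead of a new one per call.
    private static final SecureRandom RNG = new SecureRandom();

    private SecureWordGenerator() { }

    /** Returns wordLength characters, each drawn uniformly from ALPHABET. */
    public static String randomWord(int wordLength) {
        if (wordLength <= 0) {
            throw new IllegalArgumentException("wordLength must be positive");
        }
        char[] out = new char[wordLength];
        for (int i = 0; i < wordLength; i++) {
            // nextInt(bound) uses rejection sampling, so there is no modulo bias.
            out[i] = ALPHABET[RNG.nextInt(ALPHABET.length)];
        }
        return new String(out);
    }

    /** Entropy in bits of a word of the given length: length * log2(alphabet size). */
    public static double entropyBits(int wordLength) {
        return wordLength * bitsPerChar();
    }

    /** Smallest word length whose entropy reaches the requested number of bits. */
    public static int minLengthFor(int bits) {
        return (int) Math.ceil(bits / bitsPerChar());
    }

    private static double bitsPerChar() {
        return Math.log(ALPHABET.length) / Math.log(2);
    }

    public static void main(String[] args) {
        int len = minLengthFor(128); // assumed target strength for a token
        String word = randomWord(len);
        System.out.printf("%s (%d chars, %.1f bits)%n", word, len, entropyBits(len));
    }
}
```

A strong generator does not make a short word strong: the usable entropy is bounded by `wordLength`, so check the length against the strength the token needs.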