http://www.bouncycastle.org/jira/browse/BMA-82

- use SecureRandom to generate "arbitrary" values

1 files changed, 4 insertions, 2 deletions

diff --git a/crypto/src/math/raw/Mod.cs b/crypto/src/math/raw/Mod.cs
index 63467e668..8d9e8fd21 100644
--- a/crypto/src/math/raw/Mod.cs
+++ b/crypto/src/math/raw/Mod.cs
@@ -2,12 +2,15 @@
 using System.Diagnostics;
 
 using Org.BouncyCastle.Crypto.Utilities;
+using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Utilities;
 
 namespace Org.BouncyCastle.Math.Raw
 {
     internal abstract class Mod
     {
+        private static readonly SecureRandom RandomSource = new SecureRandom();
+
         public static void Invert(uint[] p, uint[] x, uint[] z)
         {
             int len = p.Length;
@@ -77,7 +80,6 @@ namespace Org.BouncyCastle.Math.Raw
         public static uint[] Random(uint[] p)
         {
             int len = p.Length;
-            Random rand = new Random();
             uint[] s = Nat.Create(len);
 
             uint m = p[len - 1];
@@ -90,7 +92,7 @@ namespace Org.BouncyCastle.Math.Raw
             do
             {
                 byte[] bytes = new byte[len << 2];
-                rand.NextBytes(bytes);
+                RandomSource.NextBytes(bytes);
                 Pack.BE_To_UInt32(bytes, 0, s);
                 s[len - 1] &= m;
             }