Use SecureRandom instead of Random

thunder-core/src/main/java/network/thunder/core/communication/layer/high/payments/messages/LNPaymentAMessage.java

@@ -3,7 +3,7 @@
 import com.google.common.base.Preconditions;
 import network.thunder.core.communication.layer.high.RevocationHash;
 
-import java.util.Random;
+import java.security.SecureRandom;
 
 public class LNPaymentAMessage implements LNPayment {
 
@@ -12,7 +12,7 @@ public class LNPaymentAMessage implements LNPayment {
     public RevocationHash newRevocation;
 
     public LNPaymentAMessage (ChannelUpdate channelUpdate, RevocationHash newRevocation) {
-        this.dice = new Random().nextInt(Integer.MAX_VALUE);
+        this.dice = new SecureRandom().nextInt(Integer.MAX_VALUE);
 
         this.channelStatus = channelUpdate;
         this.newRevocation = newRevocation;

thunder-core/src/main/java/network/thunder/core/communication/layer/low/ping/PingHandler.java

@@ -19,6 +19,7 @@
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelPromise;
 
+import java.security.SecureRandom;
 import java.util.Random;
 
 public class PingHandler extends ChannelDuplexHandler {
@@ -35,7 +36,7 @@ public class PingHandler extends ChannelDuplexHandler {
 
     ChannelHandlerContext ctx;
 
-    Random random = new Random();
+    Random random = new SecureRandom();
 
     @Override
     public void channelActive (ChannelHandlerContext ctx) throws Exception {

thunder-core/src/main/java/network/thunder/core/communication/layer/middle/broadcasting/gossip/GossipProcessorImpl.java

@@ -12,9 +12,9 @@
 import network.thunder.core.etc.Tools;
 
 import java.nio.ByteBuffer;
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Random;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
@@ -61,7 +61,7 @@ public boolean consumesOutboundMessage (Object object) {
 
     @Override
     public void onLayerActive (MessageExecutor messageExecutor) {
-        this.randomNumber = new Random().nextInt();
+        this.randomNumber = new SecureRandom().nextInt();
         this.messageExecutor = messageExecutor;
         subject.registerObserver(this);
 

thunder-core/src/main/java/network/thunder/core/communication/layer/middle/broadcasting/types/PubkeyIPObject.java

@@ -8,6 +8,7 @@
 import java.nio.ByteBuffer;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
+import java.security.SecureRandom;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.*;
@@ -33,7 +34,7 @@ public PubkeyIPObject (ResultSet set) throws SQLException {
     public static PubkeyIPObject getRandomObject () {
         PubkeyIPObject obj = new PubkeyIPObject();
 
-        Random random = new Random();
+        Random random = new SecureRandom();
 
         obj.hostname = random.nextInt(255) + "." + random.nextInt(255) + "." + random.nextInt(255) + "." + random.nextInt(255);
 

thunder-core/src/main/java/network/thunder/core/etc/Tools.java

@@ -36,6 +36,7 @@
 import java.nio.ByteBuffer;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.util.*;
 
 /**
@@ -46,7 +47,7 @@ public class Tools {
     final protected static char[] hexArray = "0123456789abcdef".toCharArray();
 
     public static int getRandom (int min, int max) {
-        return new Random().nextInt(max + 1 - min) + min;
+        return new SecureRandom().nextInt(max + 1 - min) + min;
     }
 
     /**
@@ -173,12 +174,12 @@ public static int boolToInt (boolean bool) {
     }
 
     public static <T extends Object> T getRandomItemFromList (List<T> list) {
-        int randomNumber = new Random().nextInt(list.size());
+        int randomNumber = new SecureRandom().nextInt(list.size());
         return list.get(randomNumber);
     }
 
     public static <T> List<T> getRandomSubList (List<T> input, int subsetSize) {
-        Random r = new Random();
+        Random r = new SecureRandom();
         int inputSize = input.size();
         for (int i = 0; i < subsetSize; i++) {
             int indexToSwap = i + r.nextInt(inputSize - i);
@@ -353,7 +354,7 @@ public static Script getMultisigInputScript (ECDSASignature client, ECDSASignatu
 
     public static byte[] getRandomByte (int amount) {
         byte[] b = new byte[amount];
-        Random r = new Random();
+        Random r = new SecureRandom();
         r.nextBytes(b);
         return b;
     }

thunder-core/src/main/java/network/thunder/core/helper/wallet/MockWallet.java

@@ -7,6 +7,7 @@
 import org.bitcoinj.wallet.WalletTransaction;
 
 import java.math.BigInteger;
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -28,7 +29,7 @@ public MockWallet (NetworkParameters params, int totalOutputs) {
         super(params);
         //
 
-        Random random = new Random();
+        Random random = new SecureRandom();
 
         for (int i = 1; i < 101; i++) {
             Transaction transaction = new Transaction(Constants.getNetwork());

thunder-core/src/test/java/network/thunder/core/communication/layers/low/AuthenticationHandlerTest.java

@@ -1,24 +1,25 @@
 package network.thunder.core.communication.layers.low;
 
 import io.netty.channel.embedded.EmbeddedChannel;
+import network.thunder.core.communication.ClientObject;
+import network.thunder.core.communication.ServerObject;
+import network.thunder.core.communication.layer.ContextFactory;
+import network.thunder.core.communication.layer.FailureMessage;
 import network.thunder.core.communication.layer.Message;
 import network.thunder.core.communication.layer.ProcessorHandler;
 import network.thunder.core.communication.layer.low.authentication.messages.AuthenticationMessage;
-import network.thunder.core.communication.layer.ContextFactory;
-import network.thunder.core.helper.events.LNEventHelper;
-import network.thunder.core.communication.layer.FailureMessage;
 import network.thunder.core.etc.MockContextFactory;
 import network.thunder.core.etc.MockLNEventHelper;
 import network.thunder.core.etc.RandomDataMessage;
 import network.thunder.core.helper.crypto.ECDH;
-import network.thunder.core.communication.ClientObject;
-import network.thunder.core.communication.ServerObject;
+import network.thunder.core.helper.events.LNEventHelper;
 import org.junit.Before;
 import org.junit.Test;
 
 import java.beans.PropertyVetoException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
+import java.security.SecureRandom;
 import java.security.Security;
 import java.sql.SQLException;
 import java.util.Random;
@@ -76,7 +77,7 @@ public void authenticationFail () throws NoSuchProviderException, NoSuchAlgorith
 
         byte[] sig = authenticationMessage.signature;
         byte[] b = new byte[4];
-        Random r = new Random();
+        Random r = new SecureRandom();
         r.nextBytes(b);
         System.arraycopy(b, 0, sig, 10, 4);
 

thunder-core/src/test/java/network/thunder/core/communication/layers/mid/GossipHandlerTest.java

@@ -19,11 +19,11 @@
 import org.junit.Test;
 
 import java.beans.PropertyVetoException;
+import java.security.SecureRandom;
 import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
-import java.util.Random;
 
 import static org.hamcrest.core.IsInstanceOf.instanceOf;
 import static org.junit.Assert.*;
@@ -130,7 +130,7 @@ public void shouldAskForDataAfterInv () throws Exception {
         ArrayList<byte[]> invList = new ArrayList<>();
         for (int i = 0; i < 20; i++) {
             byte[] b = new byte[20];
-            new Random().nextBytes(b);
+            new SecureRandom().nextBytes(b);
             invList.add(b);
         }
 
@@ -227,7 +227,7 @@ private void prepareNodes () {
 
     private void prepareNode (ServerObject node) {
         node.init();
-        node.portServer = new Random().nextInt(65555);
+        node.portServer = new SecureRandom().nextInt(65555);
         node.hostServer = "localhost";
     }
 

thunder-core/src/test/java/network/thunder/core/etc/LNPaymentDBHandlerMock.java

@@ -1,15 +1,15 @@
 package network.thunder.core.etc;
 
-import network.thunder.core.communication.layer.high.ChannelStatus;
 import network.thunder.core.communication.layer.high.Channel;
+import network.thunder.core.communication.layer.high.ChannelStatus;
 import network.thunder.core.communication.layer.high.RevocationHash;
 import network.thunder.core.communication.layer.high.payments.PaymentSecret;
 import network.thunder.core.database.objects.PaymentWrapper;
 import org.bitcoinj.core.ECKey;
 
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Random;
 
 public class LNPaymentDBHandlerMock extends DBHandlerMock {
     public static final long INITIAL_AMOUNT_CHANNEL = 10000000;
@@ -141,7 +141,7 @@ public byte[] getReceiverOfPayment (PaymentSecret paymentSecret) {
     @Override
     public RevocationHash createRevocationHash (Channel channel) {
         byte[] secret = new byte[20];
-        new Random().nextBytes(secret);
+        new SecureRandom().nextBytes(secret);
         byte[] secretHash = Tools.hashSecret(secret);
         RevocationHash hash = new RevocationHash(1, 1, secret, secretHash);
         return hash;

thunder-core/src/test/java/network/thunder/core/etc/LNPaymentMessageFactoryMock.java

@@ -11,13 +11,14 @@
 import org.bitcoinj.core.Transaction;
 import org.bitcoinj.crypto.TransactionSignature;
 
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 import java.util.Random;
 
 public class LNPaymentMessageFactoryMock extends MesssageFactoryImpl implements LNPaymentMessageFactory {
-    Random random = new Random();
+    Random random = new SecureRandom();
 
     @Override
     public LNPaymentAMessage getMessageA (Channel channel, ChannelUpdate statusTemp) {

thunder-core/src/test/java/network/thunder/core/etc/RandomDataMessage.java

@@ -2,6 +2,7 @@
 
 import network.thunder.core.communication.layer.Message;
 
+import java.security.SecureRandom;
 import java.util.Arrays;
 import java.util.Random;
 
@@ -10,7 +11,7 @@ public class RandomDataMessage implements Message {
     public RandomDataMessage () {
         //Create some gibberish to parse through them
         byte[] message = new byte[1024];
-        Random r = new Random();
+        Random r = new SecureRandom();
         r.nextBytes(message);
         data = message;
     }

thunder-core/src/test/java/network/thunder/core/etc/RevocationHashTest.java

@@ -3,6 +3,7 @@
 import network.thunder.core.communication.layer.high.RevocationHash;
 import org.junit.Test;
 
+import java.security.SecureRandom;
 import java.util.Random;
 
 import static org.junit.Assert.assertFalse;
@@ -13,7 +14,7 @@ public class RevocationHashTest {
     @Test
     public void shouldFailBecauseOfWrongSecret () throws Exception {
         byte[] secret = new byte[20];
-        Random r = new Random();
+        Random r = new SecureRandom();
         r.nextBytes(secret);
 
         RevocationHash revocationHash = new RevocationHash(10, 10, secret, secret);
@@ -23,7 +24,7 @@ public void shouldFailBecauseOfWrongSecret () throws Exception {
     @Test
     public void shouldPassBecauseCorrectSecret () throws Exception {
         byte[] secret = new byte[20];
-        Random r = new Random();
+        Random r = new SecureRandom();
         r.nextBytes(secret);
         byte[] hash = Tools.hashSecret(secret);
 
@@ -34,7 +35,7 @@ public void shouldPassBecauseCorrectSecret () throws Exception {
     @Test
     public void shouldPassBecauseOfNewMaster () throws Exception {
         byte[] secret = new byte[20];
-        Random r = new Random();
+        Random r = new SecureRandom();
         r.nextBytes(secret);
 
         RevocationHash revocationHash = new RevocationHash(0, 0, secret, secret);