2121import java .security .SecureRandom ;
2222import java .util .Arrays ;
2323import java .util .Random ;
24- import java .util .concurrent .ThreadLocalRandom ;
2524import java .util .regex .Matcher ;
2625import java .util .regex .Pattern ;
2726
@@ -87,8 +86,8 @@ public static String apr1Crypt(final byte[] keyBytes) {
8786 * </p>
8887 *
8988 * @param keyBytes plaintext string to hash. Each array element is set to {@code 0} before returning.
90- * @param random the instance of {@link Random} to use for generating the salt. Consider using {@link SecureRandom}
91- * or {@link ThreadLocalRandom} .
89+ * @param random the instance of {@link Random} to use for generating the salt.
90+ * Consider using {@link SecureRandom} for more secure salts .
9291 * @return the hash value
9392 * @throws IllegalArgumentException when a {@link java.security.NoSuchAlgorithmException} is caught. *
9493 * @see #apr1Crypt(byte[], String)
@@ -108,8 +107,7 @@ public static String apr1Crypt(final byte[] keyBytes, final Random random) {
108107 * plaintext string to hash. Each array element is set to {@code 0} before returning.
109108 * @param salt
110109 * An APR1 salt. The salt may be null, in which case a salt is generated for you using
111- * {@link ThreadLocalRandom}; for more secure salts consider using {@link SecureRandom} to generate your
112- * own salts.
110+ * {@link SecureRandom}
113111 * @return the hash value
114112 * @throws IllegalArgumentException
115113 * if the salt does not match the allowed pattern
@@ -127,8 +125,7 @@ public static String apr1Crypt(final byte[] keyBytes, String salt) {
127125 /**
128126 * See {@link #apr1Crypt(String, String)} for details.
129127 * <p>
130- * A salt is generated for you using {@link ThreadLocalRandom}; for more secure salts consider using
131- * {@link SecureRandom} to generate your own salts and calling {@link #apr1Crypt(byte[], String)}.
128+ * A salt is generated for you using {@link SecureRandom}.
132129 * </p>
133130 *
134131 * @param keyBytes
@@ -153,8 +150,7 @@ public static String apr1Crypt(final String keyBytes) {
153150 * plaintext string to hash. Each array element is set to {@code 0} before returning.
154151 * @param salt
155152 * salt string including the prefix and optionally garbage at the end. The salt may be null, in which
156- * case a salt is generated for you using {@link ThreadLocalRandom}; for more secure salts consider using
157- * {@link SecureRandom} to generate your own salts.
153+ * case a salt is generated for you using {@link SecureRandom}.
158154 * @return the hash value
159155 * @throws IllegalArgumentException
160156 * if the salt does not match the allowed pattern
@@ -171,8 +167,7 @@ public static String apr1Crypt(final String keyBytes, final String salt) {
171167 * See {@link #md5Crypt(byte[], String)} for details.
172168 * </p>
173169 * <p>
174- * A salt is generated for you using {@link ThreadLocalRandom}; for more secure salts consider using
175- * {@link SecureRandom} to generate your own salts and calling {@link #md5Crypt(byte[], String)}.
170+ * A salt is generated for you using {@link SecureRandom}.
176171 * </p>
177172 * @param keyBytes
178173 * plaintext string to hash. Each array element is set to {@code 0} before returning.
@@ -196,8 +191,8 @@ public static String md5Crypt(final byte[] keyBytes) {
196191 * @param keyBytes
197192 * plaintext string to hash. Each array element is set to {@code 0} before returning.
198193 * @param random
199- * the instance of {@link Random} to use for generating the salt. Consider using {@link SecureRandom}
200- * or {@link ThreadLocalRandom} .
194+ * the instance of {@link Random} to use for generating the salt.
195+ * Consider using {@link SecureRandom} for more secure salts .
201196 * @return the hash value
202197 * @throws IllegalArgumentException
203198 * when a {@link java.security.NoSuchAlgorithmException} is caught.
@@ -219,8 +214,7 @@ public static String md5Crypt(final byte[] keyBytes, final Random random) {
219214 * plaintext string to hash. Each array element is set to {@code 0} before returning.
220215 * @param salt
221216 * salt string including the prefix and optionally garbage at the end. The salt may be null, in which
222- * case a salt is generated for you using {@link ThreadLocalRandom}; for more secure salts consider using
223- * {@link SecureRandom} to generate your own salts.
217+ * case a salt is generated for you using {@link SecureRandom}.
224218 * @return the hash value
225219 * @throws IllegalArgumentException
226220 * if the salt does not match the allowed pattern
@@ -242,8 +236,7 @@ public static String md5Crypt(final byte[] keyBytes, final String salt) {
242236 * plaintext string to hash. Each array element is set to {@code 0} before returning.
243237 * @param salt
244238 * real salt value without prefix or "rounds=". The salt may be null, in which case a salt
245- * is generated for you using {@link ThreadLocalRandom}; for more secure salts consider
246- * using {@link SecureRandom} to generate your own salts.
239+ * is generated for you using {@link SecureRandom}.
247240 * @param prefix
248241 * salt prefix
249242 * @return the hash value
@@ -266,13 +259,12 @@ public static String md5Crypt(final byte[] keyBytes, final String salt, final St
266259 * plaintext string to hash. Each array element is set to {@code 0} before returning.
267260 * @param salt
268261 * real salt value without prefix or "rounds=". The salt may be null, in which case a salt
269- * is generated for you using {@link ThreadLocalRandom}; for more secure salts consider
270- * using {@link SecureRandom} to generate your own salts.
262+ * is generated for you using {@link SecureRandom}.
271263 * @param prefix
272264 * salt prefix
273265 * @param random
274- * the instance of {@link Random} to use for generating the salt. Consider using {@link SecureRandom}
275- * or {@link ThreadLocalRandom} .
266+ * the instance of {@link Random} to use for generating the salt.
267+ * Consider using {@link SecureRandom} for more secure salts .
276268 * @return the hash value
277269 * @throws IllegalArgumentException
278270 * if the salt does not match the allowed pattern
0 commit comments