GitLab

Our current SecureRandom implementation involves XORing a Fortuna-based PRNG with the system's default SecureRandom implementation. This is meant to help protect against any weaknesses in the system's PRNG, such as the Android SecureRandom bug (CVE-2013-7372, https://android-developers.googleblog.com/2013/08/some-securerandom-thoughts.html). However, the construct is quite complex and not properly documented. We should simplify it and document it.