Deployed 764b273 with MkDocs version: 1.6.1

MASTG/best-practices/MASTG-BEST-0001/index.html

@@ -20759,7 +20759,7 @@ <h2 id="javakotlin">Java/Kotlin<a class="headerlink" href="#javakotlin" title="P
 <p>The default (no-argument) constructor of <code>SecureRandom</code> is recommended, as it uses the system-provided seed of appropriate length to ensure high entropy. Providing a seed (hardcoded or otherwise) to the constructor is <a href="https://developer.android.com/privacy-and-security/risks/weak-prng?source=studio#weak-prng-java-security-securerandom">discouraged in the Android Documentation</a>, because it risks creating deterministic output and undermining security.</p>
 <p>Although <a href="https://developer.android.com/reference/java/security/SecureRandom?hl=en#setSeed(byte[])">the documentation</a> says the provided seed normally supplements the existing seed, this behavior may differ if an <a href="https://android-developers.googleblog.com/2016/06/security-crypto-provider-deprecated-in.html">old security provider</a> is used. To avoid these pitfalls, ensure your app targets a modern Android version with an updated provider or explicitly configures a secure provider such as AndroidOpenSSL (or Conscrypt in newer releases).</p>
 <h2 id="other-languages">Other Languages<a class="headerlink" href="#other-languages" title="Permanent link">&para;</a></h2>
-<p>Consult the standard library or framework documentation to find the API that exposes the operating system's cryptographically secure pseudorandom number generator (kernel-based CSPRNG). This is usually the safest approach, provided there are no known vulnerabilities in that library's random number generation. For example, see the <a href="https://www.zellic.io/blog/proton-dart-flutter-csprng-prng/">Flutter/Dart issue</a> as a reminder that some frameworks may have known weaknesses in their PRNG implementations.</p>
+<p>Consult the standard library or framework documentation to find the API that exposes the operating system's cryptographically secure pseudorandom number generator. This is usually the safest approach, provided there are no known vulnerabilities in that library's random number generation. For example, see the <a href="https://www.zellic.io/blog/proton-dart-flutter-csprng-prng/">Flutter/Dart issue</a> as a reminder that some frameworks may have known weaknesses in their PRNG implementations.</p>
 <h2 id="tests">Tests<a class="headerlink" href="#tests" title="Permanent link">&para;</a></h2>
 <p><a class="mas-test-button" href="../../tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0204/"><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M16.61 15.15c-.46 0-.84-.37-.84-.83s.38-.82.84-.82.84.36.84.82-.38.83-.84.83m-9.2 0c-.46 0-.84-.37-.84-.83s.38-.82.84-.82.83.36.83.82-.37.83-.83.83m9.5-5.01 1.67-2.88c.09-.17.03-.38-.13-.47-.17-.1-.38-.04-.45.13l-1.71 2.91A10.15 10.15 0 0 0 12 8.91c-1.53 0-3 .33-4.27.91L6.04 6.91a.334.334 0 0 0-.47-.13c-.17.09-.22.3-.13.47l1.66 2.88C4.25 11.69 2.29 14.58 2 18h20c-.28-3.41-2.23-6.3-5.09-7.86"/></svg></span> MASTG-TEST-0204: Insecure Random API Usage</a> <a class="mas-test-button" href="../../tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0205/"><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M16.61 15.15c-.46 0-.84-.37-.84-.83s.38-.82.84-.82.84.36.84.82-.38.83-.84.83m-9.2 0c-.46 0-.84-.37-.84-.83s.38-.82.84-.82.83.36.83.82-.37.83-.83.83m9.5-5.01 1.67-2.88c.09-.17.03-.38-.13-.47-.17-.1-.38-.04-.45.13l-1.71 2.91A10.15 10.15 0 0 0 12 8.91c-1.53 0-3 .33-4.27.91L6.04 6.91a.334.334 0 0 0-.47-.13c-.17.09-.22.3-.13.47l1.66 2.88C4.25 11.69 2.29 14.58 2 18h20c-.28-3.41-2.23-6.3-5.09-7.86"/></svg></span> MASTG-TEST-0205: Non-random Sources Usage</a> </p>