I’m implementing licensing in my Android application, and there is an array of 20

Question

0

Asked: May 26, 20262026-05-26T20:21:56+00:00 2026-05-26T20:21:56+00:00

I’m implementing licensing in my Android application, and there is an array of 20

0

I’m implementing licensing in my Android application, and there is an array of 20 bytes that need to be passed into the AESObfuscator that is passed to the ServerManagedPolicy object. Can this array be generated randomly every time the code is ran, or does it have to be hardcoded?

Right now I’m randomly generating the salt like this:

private static final byte[] SALT;

static {
    Random random = new Random();
    random.setSeed(System.currentTimeMillis());
    byte[] buf = new byte[20];
    random.nextBytes(buf);
    SALT = buf;
}

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-26T20:21:56+00:00

A bit late, but yes: the salt must remain the same to be able to decrypt the stored values again.

Basically Salting means randomizing a passphrase to make dictionary attacks a lot harder. How does a salt protect against a dictionary attack?

Update (one year later 🙂 By the way: use a SecureRandom generator for the bytes in stead of a Random generator – it’s better (I could go into detail, but you can find that elsewhere as well. http://docs.oracle.com/javase/7/docs/api/java/security/SecureRandom.html)

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m implementing licensing in my Android application, and there is an array of 20

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply