In StringUtils numbersAndLetters string array duplicates digits 0-9 twice, this results in random strings which have less entropy than you might expect from their length (and incidentally causes the results to fail simple tests of randomness as different characters don't occur with the same frequency).
In StringUtils numbersAndLetters string array duplicates digits 0-9 twice, this results in random strings which have less entropy than you might expect from their length (and incidentally causes the results to fail simple tests of randomness as different characters don't occur with the same frequency).
The practical loss of entropy is modest.[
https://github.com/igniterealtime/Openfire/blob/master/src/java/org/jivesoftware/util/StringUtils.java]
Stylistically the code in randomString has hard coded 72 when it should probably use the computed length of the array.