SecureRandom

public class SecureRandom extends Random

This class provides a cryptographically strong random number generator (RNG).

A cryptographically strong random number minimally complies with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1. Additionally, SecureRandom must produce non-deterministic output. Therefore any seed material passed to a SecureRandom object must be unpredictable, and all SecureRandom output sequences must be cryptographically strong, as described in RFC 1750: Randomness Recommendations for Security.

A caller obtains a SecureRandom instance via the no-argument constructor or one of the getInstance methods:

      SecureRandom random = new SecureRandom();
 

Many SecureRandom implementations are in the form of a pseudo-random number generator (PRNG), which means they use a deterministic algorithm to produce a pseudo-random sequence from a true random seed. Other implementations may produce true random numbers, and yet others may use a combination of both techniques.

Typical callers of SecureRandom invoke the following methods to retrieve random bytes:

      SecureRandom random = new SecureRandom();
      byte bytes[] = new byte[20];
      random.nextBytes(bytes);
 

Callers may also invoke the generateSeed method to generate a given number of seed bytes (to seed other random number generators, for example):

      byte seed[] = random.generateSeed(20);
 
Note: Depending on the implementation, the generateSeed and nextBytes methods may block as entropy is being gathered, for example, if they need to read from /dev/random on various unix-like operating systems. The SHA1PRNG algorithm from the Crypto provider has been deprecated as it was insecure, and also incorrectly used by some apps as a key derivation function. See Security "Crypto" provider deprecated in Android N for details.

Public Constructor Summary

SecureRandom()
Constructs a secure random number generator (RNG) implementing the default random number algorithm.
SecureRandom(byte[] seed)
Constructs a secure random number generator (RNG) implementing the default random number algorithm.

Protected Constructor Summary

SecureRandom(SecureRandomSpi secureRandomSpi, Provider provider)
Creates a SecureRandom object.

Public Method Summary

byte[]
generateSeed(int numBytes)
Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself.
String
getAlgorithm()
Returns the name of the algorithm implemented by this SecureRandom object.
static SecureRandom
getInstance(String algorithm)
Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.
static SecureRandom
getInstance(String algorithm, String provider)
Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.
static SecureRandom
getInstance(String algorithm, Provider provider)
Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.
final Provider
getProvider()
Returns the provider of this SecureRandom object.
static byte[]
getSeed(int numBytes)
Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself.
synchronized void
nextBytes(byte[] bytes)
Generates a user-specified number of random bytes.
void
setSeed(long seed)
Reseeds this random object, using the eight bytes contained in the given long seed.
synchronized void
setSeed(byte[] seed)
Reseeds this random object.

Protected Method Summary

final int
next(int numBits)
Generates an integer containing the user-specified number of pseudo-random bits (right justified, with leading zeros).

Inherited Method Summary