public class SecureRandom
extends java.util.Random
A cryptographically strong random number minimally complies with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1. Additionally, SecureRandom must produce non-deterministic output. Therefore any seed material passed to a SecureRandom object must be unpredictable, and all SecureRandom output sequences must be cryptographically strong, as described in RFC 1750: Randomness Recommendations for Security.
A caller obtains a SecureRandom instance via the no-argument constructor:
SecureRandom random = new SecureRandom();
Many SecureRandom implementations are in the form of a pseudo-random number generator (PRNG), which means they use a deterministic algorithm to produce a pseudo-random sequence from a true random seed. Other implementations may produce true random numbers, and yet others may use a combination of both techniques.
Typical callers of SecureRandom invoke the following methods to retrieve random bytes:
SecureRandom random = new SecureRandom(); byte bytes[] = new byte[20]; random.nextBytes(bytes);
Callers may also invoke the generateSeed
method to generate a given number of seed bytes (to seed other
random number generators, for example):
byte seed[] = random.generateSeed(20);Note: Depending on the implementation, the
generateSeed
and nextBytes
methods may block as entropy is
being gathered, for example, if they need to read from /dev/random on various Unix-like operating systems.Random
,
Serialized FormConstructor and Description |
---|
SecureRandom()
Constructs a secure random number generator (RNG) implementing the default random number algorithm.
|
SecureRandom(byte[] seed)
Constructs a secure random number generator (RNG) implementing the default random number algorithm.
|
Modifier and Type | Method and Description |
---|---|
byte[] |
generateSeed(int numBytes)
Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed
itself.
|
protected int |
next(int numBits)
Generates an integer containing the user-specified number of pseudo-random bits (right justified, with leading
zeros).
|
void |
nextBytes(byte[] bytes)
Generates a user-specified number of random bytes.
|
void |
setSeed(byte[] seed)
Reseeds this random object.
|
void |
setSeed(long seed)
Reseeds this random object, using the eight bytes contained in the given
long seed . |
public SecureRandom()
The returned SecureRandom object has not been seeded. To seed the returned object, call the setSeed
method. If setSeed
is not called, the first call to nextBytes
will force the SecureRandom object
to seed itself. This self-seeding will not occur if setSeed
was previously called.
public SecureRandom(byte[] seed)
seed
- the seed.public void setSeed(byte[] seed)
seed
- the seed.public void setSeed(long seed)
long seed
. The given seed
supplements, rather than replaces, the existing seed. Thus, repeated calls are guaranteed never to reduce
randomness.
This method is defined for compatibility with java.util.Random
.
setSeed
in class java.util.Random
seed
- the seed.public void nextBytes(byte[] bytes)
If a call to setSeed
had not occurred previously, the first call to this method forces this SecureRandom
object to seed itself. This self-seeding will not occur if setSeed
was previously called.
nextBytes
in class java.util.Random
bytes
- the array to be filled in with random bytes.protected final int next(int numBits)
java.util.Random
method, and serves to provide a source of random bits to
all of the methods inherited from that class (for example, nextInt
, nextLong
, and
nextFloat
).next
in class java.util.Random
numBits
- number of pseudo-random bits to be generated, where 0 <= numBits <= 32
.int
containing the user-specified number of pseudo-random bits (right justified, with leading
zeros).public byte[] generateSeed(int numBytes)
numBytes
- the number of seed bytes to generate.