public class SecureRandom extends Random
The default algorithm is defined by the first SecureRandomSpi
provider found in the VM's installed security providers. Use Security
to install custom SecureRandomSpi
providers.
Seeding
A seed is an array of bytes used to bootstrap random number generation.
To produce cryptographically secure random numbers, both the seed and the
algorithm must be secure.
SecureRandom
may be
insecure
By default, instances of this class will generate an initial seed using
an internal entropy source, such as /dev/urandom
. This seed is
unpredictable and appropriate for secure use.
You may alternatively specify the initial seed explicitly with the
seeded constructor
or by calling setSeed(byte[])
before any random numbers have been generated. Specifying a fixed
seed will cause the instance to return a predictable sequence of numbers.
This may be useful for testing but it is not appropriate for secure use.
It is dangerous to seed SecureRandom
with the current time because
that value is more predictable to an attacker than the default seed.
Calling setSeed(byte[])
on a SecureRandom
after it has
been used to generate random numbers (ie. calling nextBytes(byte[])
) will
supplement the existing seed. This does not cause the instance to return a
predictable numbers, nor does it harm the security of the numbers generated.
Modifier | Constructor and Description |
---|---|
|
SecureRandom()
Constructs a new
SecureRandom that uses the default algorithm. |
|
SecureRandom(byte[] seed)
Constructs a new seeded
SecureRandom that uses the default
algorithm. |
protected |
SecureRandom(SecureRandomSpi secureRandomSpi,
Provider provider)
Constructs a new instance of
SecureRandom using the given
implementation from the specified provider. |
Modifier and Type | Method and Description |
---|---|
byte[] |
generateSeed(int numBytes)
Generates and returns the specified number of seed bytes, computed using
the seed generation algorithm used by this
SecureRandom . |
String |
getAlgorithm()
Returns the name of the algorithm of this
SecureRandom . |
static SecureRandom |
getInstance(String algorithm)
Returns a new instance of
SecureRandom that utilizes the
specified algorithm. |
static SecureRandom |
getInstance(String algorithm,
Provider provider)
Returns a new instance of
SecureRandom that utilizes the
specified algorithm from the specified provider. |
static SecureRandom |
getInstance(String algorithm,
String provider)
Returns a new instance of
SecureRandom that utilizes the
specified algorithm from the specified provider. |
Provider |
getProvider()
Returns the provider associated with this
SecureRandom . |
static byte[] |
getSeed(int numBytes)
Generates and returns the specified number of seed bytes, computed using
the seed generation algorithm used by this
SecureRandom . |
protected int |
next(int numBits)
Generates and returns an
int containing the specified number of
random bits (right justified, with leading zeros). |
void |
nextBytes(byte[] bytes)
Generates and stores random bytes in the given
byte[] for each
array element. |
void |
setSeed(byte[] seed)
Seeds this
SecureRandom instance with the specified seed . |
void |
setSeed(long seed)
Seeds this
SecureRandom instance with the specified eight-byte
seed . |
nextBoolean, nextDouble, nextFloat, nextGaussian, nextInt, nextInt, nextLong
public SecureRandom()
SecureRandom
that uses the default algorithm.public SecureRandom(byte[] seed)
SecureRandom
that uses the default
algorithm. Seeding SecureRandom
may be
insecure.protected SecureRandom(SecureRandomSpi secureRandomSpi, Provider provider)
SecureRandom
using the given
implementation from the specified provider.secureRandomSpi
- the implementation.provider
- the security provider.public static SecureRandom getInstance(String algorithm) throws NoSuchAlgorithmException
SecureRandom
that utilizes the
specified algorithm.algorithm
- the name of the algorithm to use.SecureRandom
that utilizes the
specified algorithm.NoSuchAlgorithmException
- if the specified algorithm is not available.NullPointerException
- if algorithm
is null
.public static SecureRandom getInstance(String algorithm, String provider) throws NoSuchAlgorithmException, NoSuchProviderException
SecureRandom
that utilizes the
specified algorithm from the specified provider.algorithm
- the name of the algorithm to use.provider
- the name of the provider.SecureRandom
that utilizes the
specified algorithm from the specified provider.NoSuchAlgorithmException
- if the specified algorithm is not available.NoSuchProviderException
- if the specified provider is not available.NullPointerException
- if algorithm
is null
.IllegalArgumentException
- if provider == null || provider.isEmpty()
public static SecureRandom getInstance(String algorithm, Provider provider) throws NoSuchAlgorithmException
SecureRandom
that utilizes the
specified algorithm from the specified provider.algorithm
- the name of the algorithm to use.provider
- the security provider.SecureRandom
that utilizes the
specified algorithm from the specified provider.NoSuchAlgorithmException
- if the specified algorithm is not available.NullPointerException
- if algorithm
is null
.IllegalArgumentException
- if provider == null
public final Provider getProvider()
SecureRandom
.SecureRandom
.public String getAlgorithm()
SecureRandom
.SecureRandom
.public void setSeed(byte[] seed)
public void setSeed(long seed)
SecureRandom
instance with the specified eight-byte
seed
. Seeding SecureRandom
may
be insecure.public void nextBytes(byte[] bytes)
byte[]
for each
array element.protected final int next(int numBits)
int
containing the specified number of
random bits (right justified, with leading zeros).public static byte[] getSeed(int numBytes)
SecureRandom
.numBytes
- the number of seed bytes.public byte[] generateSeed(int numBytes)
SecureRandom
.numBytes
- the number of seed bytes.