SecureRandom

This class provides a cryptographically strong random number generator (RNG).

<p>A cryptographically strong random number minimally complies with the statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm"> <i>FIPS 140-2, Security Requirements for Cryptographic Modules</i></a>, section 4.9.1. Additionally, SecureRandom must produce non-deterministic output. Therefore any seed material passed to a SecureRandom object must be unpredictable, and all SecureRandom output sequences must be cryptographically strong, as described in <a href="http://www.ietf.org/rfc/rfc1750.txt"> <i>RFC 1750: Randomness Recommendations for Security</i></a>.

<p>A caller obtains a SecureRandom instance via the no-argument constructor or one of the {@code getInstance} methods:

<pre> SecureRandom random = new SecureRandom(); </pre>

<p> Many SecureRandom implementations are in the form of a pseudo-random number generator (PRNG), which means they use a deterministic algorithm to produce a pseudo-random sequence from a true random seed. Other implementations may produce true random numbers, and yet others may use a combination of both techniques.

<p> Typical callers of SecureRandom invoke the following methods to retrieve random bytes:

<pre> SecureRandom random = new SecureRandom(); byte bytes[] = new byte[20]; random.nextBytes(bytes); </pre>

<p> Callers may also invoke the {@code generateSeed} method to generate a given number of seed bytes (to seed other random number generators, for example): <pre> byte seed[] = random.generateSeed(20); </pre>

Note: Depending on the implementation, the {@code generateSeed} and {@code nextBytes} methods may block as entropy is being gathered, for example, if they need to read from /dev/random on various Unix-like operating systems.

@see java.security.SecureRandomSpi @see java.util.Random

@author Benjamin Renaud @author Josh Bloch