The java.security.SecureRandom class is widely used for generating cryptographically
strong random numbers. According to the java.security file present in the Java
Runtime Environment's lib/security folder [API 2013]:
Select the source of seed data for SecureRandom. By default an attempt is made to
use the entropy gathering device specified by the securerandom.source property.
If an exception occurs when accessing the URL then the traditional system/thread
activity algorithm is used.
On Solaris and Linux systems, if file:/dev/urandom is specified and it exists, a
special SecureRandom implementation is activated by default. This “NativePRNG”
reads random bytes directly from /dev/urandom. On Windows systems, the URLs
file:/dev/random and file:/dev/urandom enables use of the Microsoft
CryptoAPI seed functionality.
An adversary should not be able to determine the original seed given several samples
of random numbers. If this restriction is violated, all future random numbers may be
successfully predicted by the adversary.
Noncompliant Code Example
This noncompliant code example constructs a secure random number generator that is
seeded with the specified seed bytes.
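import java.security.SecureRandom;
import java.util.Date;

// Noncompliant: the seed is derived from the current system time
SecureRandom random = new SecureRandom(
    String.valueOf(new Date().getTime()).getBytes()
);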
This constructor searches a registry of security providers and returns the first provider
that supports secure random number generation. If no such provider exists, an
implementation-specific default is selected. Furthermore, the default system-provided
seed is overridden by a seed provided by the programmer. Using the current system time
as the seed is predictable, and can result in the generation of random numbers with
insufficient entropy.
Compliant Solution
Prefer the no-argument constructor of SecureRandom that uses the system-specified seed
value to generate a 128-byte-long random number.
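The contrast between the two seeding approaches, as an added example that is not code from the original text or its authors. It assumes the SHA1PRNG algorithm is requested by name, because with that algorithm a seed supplied before first use fully determines the output, whereas the constructor shown above uses whichever provider is found first; the class name, method names, and sample timestamp are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

public class SeedDemo {
    // Assumption: SHA1PRNG is requested explicitly. When setSeed() is called
    // before the first nextBytes(), the output depends only on the seed bytes.
    static byte[] timeSeeded(long millis, int n) throws NoSuchAlgorithmException {
        SecureRandom r = SecureRandom.getInstance("SHA1PRNG");
        r.setSeed(String.valueOf(millis).getBytes(StandardCharsets.US_ASCII));
        byte[] out = new byte[n];
        r.nextBytes(out);
        return out;
    }

    // Compliant form: the no-argument constructor leaves seeding to the
    // system-specified source (securerandom.source).
    static byte[] systemSeeded(int n) {
        SecureRandom r = new SecureRandom();
        byte[] out = new byte[n];
        r.nextBytes(out);
        return out;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        long t = 1700000000000L; // constructed sample timestamp, not real data

        // Two generators seeded with the same timestamp are compared.
        boolean timeRepeats = Arrays.equals(timeSeeded(t, 16), timeSeeded(t, 16));
        System.out.println("time-seeded outputs identical:   " + timeRepeats);

        // Two system-seeded generators, each producing 128 bytes, are compared.
        boolean sysRepeats = Arrays.equals(systemSeeded(128), systemSeeded(128));
        System.out.println("system-seeded outputs identical: " + sysRepeats);
    }
}
```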