Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Does the Android implementation of SecureRandom produce true random numbers?

Tags:

java

android

random

secure-random

I have read that, generally, some implementations of SecureRandom may produce true random numbers.

In particular, the Android docs say

instances of this class will generate an initial seed using an internal entropy source, such as /dev/urandom

but does that mean it will produce true random numbers (i.e., rather than pseudo-random numbers)?

And if I use SecureRandom in Android in this manner...

SecureRandom sr = new SecureRandom();

...will I get a truly random output whenever I call sr.nextBoolean()?

Or is the output likely to be more (or less?) random if I, instead, obtain output by doing this each time: new SecureRandom().nextBoolean()?

like image 324
ban-geoengineering Avatar asked Sep 12 '14 21:09

ban-geoengineering

People also ask

How does SecureRandom work?

A cryptographically secure number random generator, as you might use for generating encryption keys, works by gathering entropy - that is, unpredictable input - from a source which other people can't observe.

What is the difference between random and SecureRandom in Java?

Random class has only 48 bits where as SecureRandom can have upto 128 bits which makes the probability of repeating in SecureRandom are smaller. Due to this also the number of attempts to break Random number prediction comes to 2^48 while that of SecureRandom number is 2^128 which again makes it more secure.

What does SecureRandom do in Java?

Generates an integer containing the user-specified number of pseudo-random bits (right justified, with leading zeros). This method overrides a java. util. Random method, and serves to provide a source of random bits to all of the methods inherited from that class (for example, nextInt , nextLong , and nextFloat ).

Is SecureRandom unique?

No, a SecureRandom instance does not guarantee unique results.

1 Answers

"True" and "pseudorandom" random numbers mean a lot of different things to different people. It's best to avoid those.

/dev/urandom got a bad rep because people do not understand the differences between it and /dev/random (much, much less difference than you would expect).

If you're asking whether seeding by /dev/urandom might compromise the fitness of SecureRandom to use it for cryptographic purposes, the answer is a resounding "no".

If you've got some time you might want to read my essay about the whole issue.

like image 197
Thomas Avatar answered Sep 18 '22 13:09

Thomas
Sign in to Comment

Related questions

How to call a json webservice through android
IntelliJ and svn:ignore
Does something like CHESS exist for Java? [closed]
Use File or FileReader with Scanner?
Jenkins not showing maven compiler errors
Inferring a method's stack memory use in Java
How are conflicting properties resolved if multiple profiles are activated
Running Neo4j purely in memory without any persistence
How to interpret the output from "jmap -permstat"?
Android how to do image screen slide?
Java annotation processing with source code manipulation
Android round a Layouts background image, only top or bottom corners
JVM bytecode limitations on class-class interactions
How to avoid write code like "XXX!=null" or "XXX!=null || XXX.isEmpty" [duplicate]
Can you specify a generic type that subclasses another generic type _and_ a concrete interface?
Mixed Content for JAXB not working from WSDL
CursorTreeAdapter with search implementation
How to Set a FindBugs Filter for fields with a specific Annotation?
Error while compiling when using AspectJ compiler instead of Javac
Spring JPA - org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean cannot be cast to javax.persistence.EntityManagerFactory

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!