
Use of BigInteger.isProbablePrime() to generate cryptographically secure primes

Can you use BigInteger.isProbablePrime() to generate cryptographically secure primes? What certainty is necessary for them to be "secure"?

Puzzler3141 asked Jan 23 '26 02:01


1 Answer

I do not hold a degree in crypto, so take this with a grain of salt.

You have two major areas of concern here:

  1. Your primes need to be unpredictably random. This means that you need to use a source such as SecureRandom to generate your primes. No matter how sure of your primality, if they are predictable, the entire cryptosystem fails to meet its goal. If you are using the BigInteger(int bitLength, int certainty, Random rnd) constructor, you can pass in your SecureRandom as it subclasses Random.

  2. Your potential primes need to be reasonably certain of being primes (I'm assuming that you are using an algorithm that relies on the hardness of factoring). If you get a probable prime, but an attacker can, with a good probability, factor it within 5 minutes because it had a factor that never got noticed by the primality test you ran, you are somewhat out of luck with your algorithm. Rabin-Miller is generally used, and this answer states that a certainty of 15 is sufficient for 32-bit integers. A value up to 40 is recommended, and anything beyond that is meaningless.

nanofarad answered Jan 25 '26 14:01
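The two points in the answer above, put together as an added example that is not part of the original answer: primes are drawn from a `SecureRandom` through the `BigInteger(int bitLength, int certainty, Random rnd)` constructor with an explicit certainty, and a second draw shows why a seeded `java.util.Random` fails the unpredictability requirement. The class name `PrimeGenDemo`, the helper `securePrime`, the bit sizes and the seed value are assumptions chosen for illustration.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Random;

public class PrimeGenDemo {
    // The constructor's contract: the result is prime with probability
    // exceeding 1 - 1/2^certainty. 40 is the upper value the answer mentions.
    static final int CERTAINTY = 40;

    // Hypothetical helper: draw a probable prime from an unpredictable source,
    // then check the properties the caller relies on before using it.
    static BigInteger securePrime(int bits, SecureRandom rng) {
        BigInteger p = new BigInteger(bits, CERTAINTY, rng);
        if (p.bitLength() != bits || !p.isProbablePrime(CERTAINTY)) {
            throw new IllegalStateException("candidate rejected");
        }
        return p;
    }

    public static void main(String[] args) {
        // Point 1: SecureRandom subclasses Random, so it can be passed directly.
        SecureRandom rng = new SecureRandom();
        BigInteger p = securePrime(1024, rng);
        BigInteger q;
        do {
            q = securePrime(1024, rng);   // a factoring-based scheme needs p != q
        } while (q.equals(p));
        System.out.println("modulus bits: " + p.multiply(q).bitLength());

        // Failure mode for point 1: both values pass the primality test, but
        // anyone who knows or guesses the seed (constructed value) can
        // regenerate them, so certainty alone says nothing about secrecy.
        BigInteger a = new BigInteger(256, CERTAINTY, new Random(12345L));
        BigInteger b = new BigInteger(256, CERTAINTY, new Random(12345L));
        System.out.println("passes primality test: " + a.isProbablePrime(CERTAINTY));
        System.out.println("same seed gives same prime: " + a.equals(b));
    }
}
```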