Our team is using a SecureRandom to generate a list of key pairs (the SecureRandom is passed to a KeyPairGenerator). We cannot agree on which of the following two options to use:
Create a new instance every time we need to generate a key pair
Initialize a static instance and use it for all key pairs
Which approach is generally better and why?
ADDED: My gut feeling is that the second option is more secure. But my only argument is a theoretical attack based on the assumption that the pseudorandomness is derived from the current timestamp: someone may see the creation time of the key pair, guess timestamps in the surrounding time interval, compute the possible pseudorandom sequences, and obtain the key material.
ADDED: My assumption about determinism based on a timestamp was wrong. That's the difference between Random and SecureRandom. So, it looks like the answer is: in terms of security it doesn't really matter.
Many SecureRandom implementations are in the form of a pseudo-random number generator (PRNG), which means they use a deterministic algorithm to produce a pseudo-random sequence from a true random seed. Other implementations may produce true random numbers, and yet others may use a combination of both techniques.
Every instance of SecureRandom is created with an initial seed. It works as a base for providing random values and changes every time we generate a new value. Using the new operator or calling SecureRandom. getInstance() will get the default seed from /dev/urandom.
No, a SecureRandom instance does not guarantee unique results.
Unfortunately, SecureRandom can be very slow. If it uses /dev/random on Linux, it can block waiting for sufficient entropy to build up.
Unlike the java.util.Random
class, the java.security.SecureRandom
class must produce non-deterministic output on each call.
What that means is, in case of java.util.Random
, if you were to recreate an instance with the same seed each time you needed a new random number, you would essentially get the same result every time. However, SecureRandom
is guaranteed to NOT do that - so, creating a single instance or creating a new one each time does not affect the randomness of the random bytes it generates.
So, from just normal good coding practices view point, why create too many instances when one will do?
For SecureRandom you would want to consider occasionally reseeding (using system entropy in most cases) via a call like so:
mySecureRandom.setSeed(mySecureRandom.generateSeed(someInt));
so as to give a potential attacker something less than unlimited time to discover your key.
There's some great writeups about this consideration at the Justice League blog.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With