I'm using ECIES cryptography to send messages over the internet. For this method, a random key is generated for every message. The encryption key depends on this random key. Is it secure to use the same, not reseeded SecureRandom for the generation of multiple keys?
Asked
Active
Viewed 93 times
1
-
You'll probably get more help with this over at http://crypto.stackexchange.com/ since it's more theoretical than programming related. – shanet Aug 18 '13 at 17:30
-
@shanet Thanks for your tip, but this is actually about the secure random used by Java. – Sibbo Aug 18 '13 at 17:39
1 Answers
1
Yes. A well designed SecureRandom will give random numbers that are completely unpredictable, meaning that if an attacker obtains one key pair, or a thousand key pairs, that will not help him in predicting the next key pair.
Reseeding your secure random will cost quite some time (depending where the actual random bits are coming from), so you do not want to reseed it to often.
Jesse van Bekkum
- 1,466
- 3
- 15
- 24