1

SecureRandom internally makes use of other algorithms , like in case of Linux , makes use of NativePRNG which in turn makes use of /dev/urandom . But /dev/urandom is actually using interrupts events etc to generate entropy which is similar to a True Random Number Generator (TRNG) . So why is SecureRandom called PseudoRandom Number Generator , although it is dependent on the implementation of the algorithm it is using ?

Thanks

Sameera Thilakasiri
  • 9,452
  • 10
  • 51
  • 86
Pargarg
  • 33
  • 5

2 Answers2

3

I expect it has to do with guarantees. The guarantee of /dev/urandom is that it will use random data if available, filling in with pseudo-random data if necessary to avoid blocking. So if you're using /dev/urandom, you can't claim true randomness, even if sometimes you're getting it.

In the documentation for SecureRandom it says:

Many SecureRandom implementations are in the form of a pseudo-random number generator (PRNG), which means they use a deterministic algorithm to produce a pseudo-random sequence from a true random seed. Other implementations may produce true random numbers, and yet others may use a combination of both techniques.

Thus, the guarantee of SecureRandom can only ever be that it works pseudo-randomly, if any implementations are allowed to do so. It may be able to do better, but that's not the contract.

T.J. Crowder
  • 1,031,962
  • 187
  • 1,923
  • 1,875
  • But in previous versions of Java , /dev/random was the default one . Still they used to call it a PRNG which might not be true in every case if I am not wrong. – Pargarg Nov 24 '11 at 15:24
  • actually /dev/random is classified as a PRNG in the same way as /dev/urandom – spikeheap Nov 24 '11 at 15:24
  • @T.J.Crowder : Documentation part seems good . spikeheap : but why do they call it prng even though it makes use of external entropy ? – Pargarg Nov 24 '11 at 15:28
  • /dev/random being a "true" random generator is a myth: http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/ – Federico Mar 19 '16 at 19:13
1

Not all operating systems implement the same functionality for /dev/random, and there is no guarantee that it will be anything other than an algorithm (though most modern systems do use interrupts, etc). That is why Java refers to it as a PRNG.

/dev/random on Linux is a TRNG.

spikeheap
  • 3,827
  • 1
  • 32
  • 47