Stack Overflow
Stack Overflow

Questions tagged [secure-random]

SecureRandom is a Java class that provides a cryptographically strong random number generator (RNG).

SecureRandom is a Java class that provides a cryptographically strong random number generator (RNG).

A cryptographically strong random number minimally complies with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1. Additionally, SecureRandom must produce non-deterministic output. Therefore any seed material passed to a SecureRandom object must be unpredictable, and all SecureRandom output sequences must be cryptographically strong, as described in RFC 1750: Randomness Recommendations for Security.

http://docs.oracle.com/javase/7/docs/api/java/security/SecureRandom.html

84 questions
3
votes
6 answers

Generate secure random number with SecureRandom

How can I generate a 6 digit integer using SecureRandom class of Java? I am trying the following code to generate random numbers : SecureRandom secureRandom = new SecureRandom(); int secureNumber = secureRandom.nextInt(); It is generating random…
MobileAppDeveloper
  • 1,048
  • 2
  • 16
  • 27
3
votes
1 answer

SecureRandom custom algorithm

For testing purpose I need to use SecureRandom with a custom algorithm. How is it possible? I think I have to subclass SecureRandom and provide a SecureRandomSpi custom implementation: 167: /** 168: A constructor for SecureRandom. It…
Alvins
  • 867
  • 16
  • 27
3
votes
1 answer

How to use SecureRandom.urlsafe_base64?

I'm really new to this and need to create an url-safe token of between 2 and 20 characters and only alphanumeric chars (letters and numbers) are allowed. I use this token for processing by a payment provider. I have the method below, but I got an…
Marty
  • 2,132
  • 4
  • 21
  • 47
2
votes
1 answer

Should SecureRandom be used as singleton or a new object should be created each time random number is generated?

I am using SecureRandom to generate random numbers. Does it make any difference with respect to predictability of next number generated if the SecureRandom object is a singleton or a new object is created every time a random number is…
Smile
  • 3,832
  • 3
  • 25
  • 39
2
votes
2 answers

What actual algorithm is used by SecureRandom.getInstance("DRBG")?

Java 9 (JSR 379) introduces the NIST DRBG's as specified in JEP 273: DRBG-Based SecureRandom Implementations. However, the NIST document SP 800-90Ar1 (NIST Special Publication 800-90A Revision 1: Recommendation for Random Number Generation Using…
Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
2
votes
1 answer

How to check match for salted and hashed password

I'm researching password security and user log-in, and more specifically storing and matching salted password hashes in databases. I understand the basics of salting and hashing, but I don't understand how I am supposed to check against the stored…
brisdalen
  • 210
  • 1
  • 2
  • 10
2
votes
1 answer

Generating Predictable Secure Random Numbers

How can I instantiate a predictable and secure random number generator which will generate consistent random numbers across Java versions and operating systems? The following code used to work in Java 8 but no longer works in Java 10: import…
lyaffe
  • 1,407
  • 15
  • 24
2
votes
2 answers

Cross Site History Manipulation(Checkmarx)

Does anyone know how to fix the Checkmarx vulnerability -- Cross Site History Manipulation for java based applcations? Here is the description provided by Checkmarx scan -- "the method may leak server-side conditional values, enabling user tracking…
apandey
  • 85
  • 1
  • 4
  • 13
2
votes
2 answers

Can Java version 1.8 generate the same SecureRandom Value as Java version 1.6?

I am facing a problem on the system authenticate system. Our servers use the version 1.6 while clients use version 1.8, in the process of authenticate, we generate a key by "SHA1PRNG" with SecureRandom, while the following code: i.e.: KeyGenerator…
shing_l
  • 53
  • 1
  • 8
2
votes
2 answers

RHE 7 Not respecting java Secure Random Seed

I have a quandary on my hands. I created an AES service to encrypt/decrypt sensitive information. The AES key is randomly generated using java's SecureRandom. I have a protected file that stores the seed and upon calling the service the seed is…
locus2k
  • 2,802
  • 1
  • 14
  • 21
2
votes
2 answers

secure random seed and derby database creation

this my encrypted DB: private static final String EMBEDDEDDRIVER =…
Mohd
  • 191
  • 3
  • 14
2
votes
1 answer

SecureRandom hash

I am trying to see if I can get a proper distribution based on secure random hash. I always seem to get double for my first index. Is there something wrong that I am doing SecureRandom sr = new SecureRandom(); …
Paul
  • 187
  • 1
  • 2
  • 12
2
votes
2 answers

Generate KeyPair with RandomSecure

Is there anyway I can generate always the same private key? I tired to initialize KeyPairGenerator with a RandomSecure object which uses the same seed: private PrivateKey getPrivateKey(String seed) { try { SecureRandom sr = new…
Leem.fin
  • 40,781
  • 83
  • 202
  • 354
2
votes
1 answer

require 'celluloid' takes a long time to load

I have a JRuby application deployed on Google compute engine. I noticed that it takes a while to load the celluloid gem. After looking into more details, I found that it is taking more time to load celluloid/internals/stack. Usually, it takes more…
Pandurang Waghulde
  • 995
  • 1
  • 6
  • 19
2
votes
2 answers

Static token generation?

I have found this question How to generate a random alpha-numeric string? and the answer contains this code: public final class SessionIdentifierGenerator { private SecureRandom random = new SecureRandom(); public String nextSessionId() { …
ctomek
  • 1,696
  • 16
  • 35
1
2
3 4 5 6