secure-random

问题 I have a quandary on my hands. I created an AES service to encrypt/decrypt sensitive information. The AES key is randomly generated using java's SecureRandom . I have a protected file that stores the seed and upon calling the service the seed is populated into the Secure Random class. To make sure it works I have the following logic: private boolean secureRandom(final String seed) { SecureRandom sr1 = new SecureRandom(seed.getBytes(UTF8_CHARSET)); SecureRandom sr2 = new SecureRandom(seed

问题 I have a quandary on my hands. I created an AES service to encrypt/decrypt sensitive information. The AES key is randomly generated using java's SecureRandom . I have a protected file that stores the seed and upon calling the service the seed is populated into the Secure Random class. To make sure it works I have the following logic: private boolean secureRandom(final String seed) { SecureRandom sr1 = new SecureRandom(seed.getBytes(UTF8_CHARSET)); SecureRandom sr2 = new SecureRandom(seed

问题 Does Java SecureRandom.nextLong() return all possible values given it inherits from Random which uses only 48 bits? If not, can I still do it in Java maybe by modifying the Random class and how to do it? I just want to use an all random long number generator where all possible long values can be returned, if possible. 回答1: While SecureRandom inherits from Random, it doesn't use the same maths or have the same limitation. It will produce all possible 64-bit values eventually. This class

问题 I have a java method that has to generate lots of random numbers in a very short period of time. My first approach was to use Math.random (which works really fast), but I have the presumption that because I call the Math.random so quick on behind the other, the "random" isn't really random (or less random) because of that (but I need it to be as random as possible). I now have two questions: Is my presumption right, that because of the number of calls in a very short period of time the random

问题 I'm using SecRandomCopyBytes for generate a secure random number. Is there a way to specify a "range"? I need to obtain the same behaviour of this Java piece of code: SecureRandom r = new SecureRandom(); char x = (char)(r.nextInt(26) + 'a'); Any tips will appreciate! UPDATE Seeing that I made a silly question I feel compelled to share the solution, made extending Int type: public extension Int { /** Create a random num Int in range :param: lower number Int :param: upper number Int :return:

问题 Let's say I need good seed to initialize pseudo random generator (PRNG) in Java program and I don't have access to any hardware random generator. How to get entropy from JVM without any user interaction? 回答1: SHA-1 is going to be depreciated The vulnerability is not relevant to CSPRNG construction. How to get entropy from JVM? SecureRandom is a generic facade over various security providers, including OS-specific entropy sources 回答2: You can use generateSeed(int) or getSeed(int) to statically

问题 Java 9 (JSR 379) introduces the NIST DRBG's as specified in JEP 273. However, the NIST document SP 800-90Ar1 (NIST Special Publication 800-90A Revision 1: Recommendation for Random Number Generation Using Deterministic Random Bit Generators) specifies a total of tree mechanisms: Implement the three DRBG mechanisms (Hash_DRBG, HMAC_DRBG, CTR_DRBG) in 800-90Ar1 (on all platforms). However, although you might expect that we would now have three methods to create such secure random algorithms:

问题 Users can purchase a "Pro" version of my app. When they do, I store and verify their purchase as follows. Combine the user's UUID and another unique string. The resulting string is then encrypted using a static seed. I do this using SecureRandom.getInstance("SHA1PRNG", "Crypto") - This is the problem! The resulting encrypted string is then the "unlock code". Therefore, I always know the expected unique unlock code value for the user. When the user purchases "Pro", I store the "unlock code" in

问题 How do I generate a random number between 0 and n ? 回答1: Use rand(range) From Ruby Random Numbers: If you needed a random integer to simulate a roll of a six-sided die, you'd use: 1 + rand(6) . A roll in craps could be simulated with 2 + rand(6) + rand(6) . Finally, if you just need a random float, just call rand with no arguments. As Marc-André Lafortune mentions in his answer below (go upvote it), Ruby 1.9.2 has its own Random class (that Marc-André himself helped to debug, hence the 1.9.2

问题 Is there anyway I can generate always the same private key? I tired to initialize KeyPairGenerator with a RandomSecure object which uses the same seed : private PrivateKey getPrivateKey(String seed) { try { SecureRandom sr = new SecureRandom(seed.getBytes()); KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); keyGen.initialize(1024, sr); KeyPair keyPair = keyGen.generateKeyPair(); return keyPair.getPrivate(); } catch (NoSuchAlgorithmException e) { System.out.println("Failed to