Where can I get a reliable source of entropy (real randomness byte[])?

情到浓时终转凉″ submitted on 2019-12-06 08:10:58

On Java 8+ you can use

SecureRandom rand = SecureRandom.getInstanceStrong();

to get the strongest randomness available on your platform. To be explicit, you can use

SecureRandom rand = SecureRandom.getInstance("NativePRNGBlocking");

which uses the entropy of /dev/random on Linux-like systems. However, I expect it will fail if not available.

https://www.synopsys.com/blogs/software-security/proper-use-of-javas-securerandom/


Alternatively

You could create randomness based on the user's input by taking a SHA256 or higher of the System.nanoTime() of previous events.

Without being able to access the mic (which would require permissions) or grab bytes from random.org (which would require internet), the only thing that I can think of is the user him/herself: Present a blank square the user moves their finger across, instructing them to do it as randomly as possible, ideally for several seconds, and use that touch data. (I seem to recall an app I used to use — TrueCrypt? — did this.) You might even throw some pseudo-randomness on top of their human-randomness to try to avoid people gaming the system with extraordinarily precise repeatable movements.

If you relax your requirements a bit, you can probably get some quite good entropy from the mic (ambient noise) and/or accelerometer. And of course, if you request network access, you can download truly random data from http://random.org.
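
The touch-and-timing suggestion in the answers above, as an added example that is not part of the original answers: each sample's coordinates and System.nanoTime() are hashed with SHA-256 together with bytes from SecureRandom, so the result does not depend on the user's input alone. The class TouchEntropyMixer and its methods are hypothetical names, and the touch samples in main() are constructed.

```java
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

// Added example; class and method names are hypothetical.
public class TouchEntropyMixer {
    private final MessageDigest sha256;

    public TouchEntropyMixer() throws NoSuchAlgorithmException {
        sha256 = MessageDigest.getInstance("SHA-256");
        // Start from OS randomness so a predictable or repeated gesture
        // cannot fully determine the output.
        byte[] osSeed = new byte[32];
        new SecureRandom().nextBytes(osSeed);
        sha256.update(osSeed);
    }

    // Feed one touch sample: coordinates plus the System.nanoTime() of the event.
    public void addSample(float x, float y, long nanoTime) {
        ByteBuffer buf = ByteBuffer.allocate(Float.BYTES * 2 + Long.BYTES);
        buf.putFloat(x).putFloat(y).putLong(nanoTime);
        sha256.update(buf.array());
    }

    // Returns 32 bytes: SHA-256(osSeed || samples).
    // digest() resets the hash state, so create a new mixer for each output.
    public byte[] finish() {
        return sha256.digest();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        TouchEntropyMixer mixer = new TouchEntropyMixer();
        // Constructed sample data standing in for real touch events.
        float[][] path = {{12.5f, 40.0f}, {13.1f, 42.7f}, {15.8f, 47.2f}, {19.0f, 51.3f}};
        for (float[] p : path) {
            mixer.addSample(p[0], p[1], System.nanoTime());
        }
        byte[] seed = mixer.finish();
        StringBuilder hex = new StringBuilder();
        for (byte b : seed) {
            hex.append(String.format("%02x", b));
        }
        System.out.println(hex);
    }
}
```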
