JAVA-Random and SecureRandom with example

Random

java.util
Class Random

public class Random extends Object implements Serializable


The classes defined in Random are not cryptographically strong, and the numbers chosen are not completely random because a definite mathematical algorithm (based on Donald E. Knuth’s subtractive random number generator algorithm) is used to select them. Therefore, it is not safe to use this class for tasks that require a high level of security, like creating a random password etc.

The class uses a 48-bit seed

Instances of java.util.Random are threadsafe. However, the concurrent use of the same java.util.Random instance across threads may encounter contention and consequent poor performance. Consider instead using ThreadLocalRandom in multithreaded designs.

Instances of java.util.Random are not cryptographically secure. Consider instead using SecureRandom to get a cryptographically secure pseudo-random number generator for use by security-sensitive applications.


Random Example:


package com.knowledgefactory;

import java.util.Random;

/*
* A Java program to demonstrate random number
generation using java.util.Random;
import java.util.Random;
 * */

public class KnowledgeFactoryRandom {

public static void main(String[] argv) {
// create instance of Random class
Random rand = new Random();
// Generate random integers in range 0 to 9999
int value = rand.nextInt(10000);
// Print random integers
System.out.println("Random Integers:" + value);

}
}


SecureRandom


java.security

Class SecureRandom

public class SecureRandom extends Random

This class provides a cryptographically strong random number generator (RNG).
A cryptographically strong random number minimally complies with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1. Additionally, SecureRandom must produce non-deterministic output. Therefore any seed material passed to a SecureRandom object must be unpredictable, and all SecureRandom output sequences must be cryptographically strong.
A caller obtains a SecureRandom instance via the no-argument constructor or one of the getInstance methods:

SecureRandom random = new SecureRandom();


SecureRandom Example:

package com.knowledgefactory;

import java.security.SecureRandom;

/*
 * A Java program to demonstrate random number
 *  generation using java.security.SecureRandom ;
 *  import java.security.SecureRandom ;
 * */

/**
 * @author www.knowledgefactory.net
 */

public class KnowledgeFactorySecureRandom {

public static void main(String[] argv) {
// create instance of SecureRandom class
SecureRandom rand = new SecureRandom();
// Generate random integers in range 0 to 9999
int value = rand.nextInt(10000);
// Print random integers
System.out.println("Random Integers:" + value);

}
}


This article is contributed by Sibin. Please write comments if you find anything incorrect, or you want to share more information about the topic discussed above

Comments