posted 9 years ago

For general statistics, Random is fine. It's a typical modulo congruent function.

SecureRandom is more random. Specifically, it aims to make it impossible to predict the next "random" number from a sequence, which is trivial to do with most modulo congruent algorithms.

Consider a Monte Carlo simulation. You call the nextRan() function and are happy as long as the function's pseudo-random numbers pass the usual random tests.

Consider a cryptographic message protocol, where you generate random session keys. Once a few sequential keys are known, you do not want the bad guy (traditionally labelled Mallet or Eve) to be able to predict the next key generated from the "random" function.

So the use of a traditional modulo congruent algorithm is not at all suitable in a crypto application.
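
An added example, not part of the original post, showing why the warning above holds for `java.util.Random`: its generator is the linear congruential formula documented in the class Javadoc, so two consecutive `nextInt()` values determine every later one. The class and method names (`PredictableRandomDemo`, `predictNext`) are hypothetical; session keys should come from `SecureRandom`, as in the last lines.

```java
import java.security.SecureRandom;
import java.util.Random;

public class PredictableRandomDemo {
    // LCG constants from the java.util.Random Javadoc; the state is only 48 bits.
    static final long MULT = 0x5DEECE66DL, ADD = 0xBL, MASK = (1L << 48) - 1;

    static long step(long state) {
        return (state * MULT + ADD) & MASK;
    }

    /**
     * nextInt() returns the top 32 bits of the 48-bit state, so one output
     * leaves only 16 unknown bits. A second output confirms which of the
     * 65536 candidates is the real state. Returns the value that follows
     * the two observed outputs, or null if no candidate fits.
     * (A false match is possible but has probability of about 2^-16.)
     */
    static Integer predictNext(int first, int second) {
        long high = ((long) first & 0xFFFFFFFFL) << 16;
        for (long low = 0; low < (1L << 16); low++) {
            long s1 = step(high | low);
            if ((int) (s1 >>> 16) == second) {
                return (int) (step(s1) >>> 16);
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Weak: values an observer has seen fix the next "random" value.
        Random weak = new Random();
        int a = weak.nextInt();
        int b = weak.nextInt();
        Integer predicted = predictNext(a, b);
        int actual = weak.nextInt();
        System.out.println("predicted=" + predicted + " actual=" + actual
                + " match=" + (predicted != null && predicted == actual));

        // Suitable for session keys: output of a CSPRNG seeded by the OS.
        byte[] sessionKey = new byte[16];
        new SecureRandom().nextBytes(sessionKey);
        System.out.println("session key bytes generated: " + sessionKey.length);
    }
}
```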