• Post Reply Bookmark Topic Watch Topic
  • New Topic

Java Random vs SecureRandom  RSS feed

 
Ranch Hand
Posts: 82
2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I understand that SecureRandom extends Random and that SecureRandom is a cryptographically strong random number. But for general problems that require a random number, for example a program that performs statistical tests, Is there an advantage of one over the other?
 
Rancher
Posts: 4686
7
Linux Mac OS X VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
For general statistics, Random is fine. Its a typical modulo congruent function.

SecureRandom is more random. Specifically, it aims to make it impossible to predict the next "random" number from a sequence, which is trivial to do with most modulo congruent algorithms.

Consider a Monti Carlo simulation. You call the nextRan() function and are happy as long as the function's pseudo random numbers pass the usual random tests.

Consider a cryptographic message protocol, where you generate random session keys. Once a few sequential keys are know, you do not want the bad guy (traditionally labelled Mallet or Eve) to be able to predict the next key generated from the "random" function.

So the use of a traditional modulo congruent algorithm is not at all suitable in a crypto application.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!