com.helger.commons.random

Class VerySecureRandom

java.lang.Object

com.helger.commons.random.VerySecureRandom

@Immutable
public final class VerySecureRandom
extends Object

A secure random generator initialized with another secure random generator.
Using /dev/random may require waiting for the result as it uses so-called entropy pool, where random data may not be available at the moment. /dev/urandom returns as many bytes as user requested and thus it is less random than /dev/random.

• random When read, the /dev/random device will only return random bytes within the estimated number of bits of noise in the entropy pool. /dev/random should be suitable for uses that need very high quality randomness such as one-time pad or key generation. When the entropy pool is empty, reads from /dev/random will block until additional environmental noise is gathered.
• urandom A read from the /dev/urandom device will not block waiting for more entropy. As a result, if there is not sufficient entropy in the entropy pool, the returned values are theoretically vulnerable to a cryptographic attack on the algorithms used by the driver. Knowledge of how to do this is not available in the current unclassified literature, but it is theoretically possible that such an attack may exist. If this is a concern in your application, use /dev/random instead.

Use -Djava.security.egd=file:/dev/./urandom on the commandline to use urandom

Find a good description that states how it is done this way: https://www.cigital.com/blog/proper-use-of-javas-securerandom/ Updated to https://www.synopsys.com/blogs/software-security/proper-use-of-javas-securerandom/
Initialize SecureRandom This is a lengthy operation, to be done only upon initialization of the application.
On Linux SecureRandom.getInstanceStrong () takes more or less forever (when using /dev/random) - up to 30 minutes until enough entropy is present

Author:

Philip Helger

Field Summary

Fields

Modifier and Type	Field and Description
static int	DEFAULT_RE_SEED_INTERVAL

Method Summary

Modifier and Type	Method and Description
static SecureRandom	getInstance()
static int	getReSeedInterval() Get the interval of getInstance() calls after which the random should be re-seeded.
static void	setReSeedInterval(int nReseedInterval) Set the interval of getInstance() calls after which the random should be re-seeded.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_RE_SEED_INTERVAL

public static final int DEFAULT_RE_SEED_INTERVAL

See Also:

Constant Field Values

Method Detail

setReSeedInterval

public static void setReSeedInterval(@Nonnegative
                                     int nReseedInterval)

Set the interval of getInstance() calls after which the random should be re-seeded.

Parameters:

nReseedInterval - The re-seed interval. Must be ≥ 0. The value of 0 means: don't re-seed. The default value is 20.

getReSeedInterval

@Nonnegative
public static int getReSeedInterval()

Get the interval of getInstance() calls after which the random should be re-seeded.

Returns:

The re-seed interval. Always ≥ 0. The value of 0 means: don't re-seed. The default value is 20.

getInstance

@Nonnull
public static SecureRandom getInstance()

Returns:

The SecureRandom instance that does the hard work. Never null.