Difference between nextXXX () and generateSeed () function in SecureRandom?
What is the difference between nextXXX () function - for example nextInt()
, nextFloat()
and nextBytes()
- and generateSeed(int numBytes): byte[]
in the SecureRandom class Java?
How is the "seed generation algorithm" generateSeed
different from the most secure random generator?
source to share
generateSeed()
does not use any bytes generated by the random number generator. Instead, only the source is passed on to the entropy source, which the implementation uses SecureRandom
for the seed when and if it sowed itself .
So, for example, calling the following code in Oracle provided by Java SE:
// initSeed is just zero valued bytes
byte[] initSeed = new byte[16];
SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
secureRandom.setSeed(initSeed);
byte[] seed = secureRandom.generateSeed(16);
byte[] data = new byte[16];
secureRandom.nextBytes(data);
System.out.printf("Seed: %s%n", Hex.toHexString(seed));
System.out.printf("Data: %s%n", Hex.toHexString(data));
seed
Will actually return different values ββfor and will always be the same value for data
. In other words, it generateSeed
uses the operating system to request 16 bytes of entropy, whereas the random number generator is seeded with only initSeed
and therefore will always generate the same pseudo-random number stream.
source to share
The random number functions depend on the seed from which they generate a sequence of random numbers (reading on a PRNG - generating pseudo-random numbers). The functions next
return the next number generated from this seed (seed). generateSeed()
will create a new seed for using the PRNG.
source to share