Discussions
Categories
- 382.6K All Categories
- 2.1K Data
- 213 Big Data Appliance
- 1.9K Data Science
- 448.5K Databases
- 221.1K General Database Discussions
- 3.7K Java and JavaScript in the Database
- 25 Multilingual Engine
- 542 MySQL Community Space
- 469 NoSQL Database
- 7.8K Oracle Database Express Edition (XE)
- 2.9K ORDS, SODA & JSON in the Database
- 503 SQLcl
- 3.9K SQL Developer Data Modeler
- 186.3K SQL & PL/SQL
- 21.1K SQL Developer
- 294K Development
- 9 Developer Projects
- 131 Programming Languages
- 290.7K Development Tools
- 97 DevOps
- 3K QA/Testing
- 645.6K Java
- 24 Java Learning Subscription
- 36.9K Database Connectivity
- 151 Java Community Process
- 104 Java 25
- 22.1K Java APIs
- 137.9K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 17 Java Essentials
- 147 Java 8 Questions
- 85.9K Java Programming
- 79 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.2K Java SE
- 13.8K Java Security
- 201 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 301 LiveLabs
- 36 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.8K Other Languages
- 2.3K Chinese
- 168 Deutsche Oracle Community
- 1.2K Español
- 1.9K Japanese
- 235 Portuguese
Correct way for using SecureRandom API's
We are currently using SecureRandom under java.security package for generating random number to be used as encryption key for users logging into the application. The application in J2EE with app server running on weblogic and linux, We a using generateSeed method for every user login to get a 16 byte key. The performance of generateSeed is very non-deterministic and varies a lot.
I was thinking of an alternate implementation in following lines:
1. Call the generateSeed once during the application startup.
2, Set the secure random object with seed generated in step 1.
2. For each user login. Call the nextBytes method from secure random object to retrieve the next 16 bytes of random number. Make the call to the method syncronized
Does the call to nextBytes method return next random number which is based on the seed that has been in step 1. Is my understanding correct
Is there any foreseeable security issue with this approach. Please give me reference to any relevant documentation as I could not find anything that explains clearly on SecureRandom class java.