Correct way for using SecureRandom APIs

1155268 Member Posts: 7

We are currently using SecureRandom under package for generating a random number to be used as an encryption key for users logging into the application. The application is in J2EE with the app server running on WebLogic and Linux. We are using the generateSeed method for every user login to get a 16-byte key. The performance of generateSeed is very non-deterministic and varies a lot.

I was thinking of an alternate implementation along the following lines:

1. Call the generateSeed once during the application startup.

2. Set the secure random object with the seed generated in step 1.

3. For each user login, call the nextBytes method from the secure random object to retrieve the next 16 bytes of random number. Make the call to the method synchronized.

Does the call to the nextBytes method return the next random number, which is based on the seed that has been in step 1? Is my understanding correct?

Is there any foreseeable security issue with this approach? Please give me a reference to any relevant documentation, as I could not find anything that explains the SecureRandom class in Java clearly.

This discussion has been closed.
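
The approach outlined in the post, written out as an added example that is not part of the original post: one SecureRandom created at startup, seeded once through generateSeed and setSeed, and nextBytes called for each login. The class and method names are hypothetical, and the per-call synchronization from step 3 is left out on the assumption that the runtime's SecureRandom is the one whose Javadoc states that instances are safe for use by multiple concurrent threads.

```java
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

// Hypothetical class name; not from the original post.
public class LoginKeyGenerator {
    private static final int KEY_BYTES = 16; // key size stated in the post
    private static final SecureRandom RNG = new SecureRandom();

    // Steps 1 and 2: generateSeed is the call that may block on the entropy
    // source, so it is paid once at class load. Per the Javadoc, setSeed
    // supplements rather than replaces the generator's existing seed.
    static { RNG.setSeed(RNG.generateSeed(KEY_BYTES)); }

    // Step 3: one call per login, drawing from the generator's internal state.
    public static byte[] newLoginKey() {
        byte[] key = new byte[KEY_BYTES];
        RNG.nextBytes(key);
        return key;
    }

    public static void main(String[] args) throws InterruptedException {
        int threads = 8, loginsPerThread = 1000; // constructed load: concurrent logins
        Set<ByteBuffer> seen = ConcurrentHashMap.newKeySet();
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        for (int t = 0; t < threads; t++) {
            pool.execute(() -> {
                for (int i = 0; i < loginsPerThread; i++) {
                    seen.add(ByteBuffer.wrap(newLoginKey()));
                }
            });
        }
        pool.shutdown();
        if (!pool.awaitTermination(30, TimeUnit.SECONDS)) {
            throw new IllegalStateException("key generation did not finish");
        }
        // Every key must be distinct; a repeat would indicate a broken generator.
        if (seen.size() != threads * loginsPerThread) {
            throw new IllegalStateException("duplicate key generated");
        }
        System.out.println(seen.size() + " distinct " + KEY_BYTES + "-byte keys");
    }
}
```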