Discussions
Categories
- 197K All Categories
- 2.5K Data
- 546 Big Data Appliance
- 1.9K Data Science
- 450.8K Databases
- 221.9K General Database Discussions
- 3.8K Java and JavaScript in the Database
- 31 Multilingual Engine
- 552 MySQL Community Space
- 479 NoSQL Database
- 7.9K Oracle Database Express Edition (XE)
- 3.1K ORDS, SODA & JSON in the Database
- 556 SQLcl
- 4K SQL Developer Data Modeler
- 187.2K SQL & PL/SQL
- 21.4K SQL Developer
- 296.3K Development
- 17 Developer Projects
- 139 Programming Languages
- 293K Development Tools
- 110 DevOps
- 3.1K QA/Testing
- 646.1K Java
- 28 Java Learning Subscription
- 37K Database Connectivity
- 158 Java Community Process
- 105 Java 25
- 22.1K Java APIs
- 138.2K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 19 Java Essentials
- 162 Java 8 Questions
- 86K Java Programming
- 81 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.3K Java SE
- 13.8K Java Security
- 205 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 468 LiveLabs
- 39 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.7K Other Languages
- 2.3K Chinese
- 175 Deutsche Oracle Community
- 1.1K Español
- 1.9K Japanese
- 233 Portuguese
Correct way for using SecureRandom API's
We are currently using SecureRandom under java.security package for generating random number to be used as encryption key for users logging into the application. The application in J2EE with app server running on weblogic and linux, We a using generateSeed method for every user login to get a 16 byte key. The performance of generateSeed is very non-deterministic and varies a lot.
I was thinking of an alternate implementation in following lines:
1. Call the generateSeed once during the application startup.
2, Set the secure random object with seed generated in step 1.
2. For each user login. Call the nextBytes method from secure random object to retrieve the next 16 bytes of random number. Make the call to the method syncronized
Does the call to nextBytes method return next random number which is based on the seed that has been in step 1. Is my understanding correct
Is there any foreseeable security issue with this approach. Please give me reference to any relevant documentation as I could not find anything that explains clearly on SecureRandom class java.