
Java Security


Correct way for using SecureRandom APIs

1155268 Jan 8 2016

We are currently using SecureRandom under the java.security package for generating a random number to be used as an encryption key for users logging into the application. The application is in J2EE with the app server running on WebLogic and Linux. We are using the generateSeed method for every user login to get a 16-byte key. The performance of generateSeed is very non-deterministic and varies a lot.

I was thinking of an alternate implementation along the following lines:

1. Call generateSeed once during application startup.

2. Set the SecureRandom object with the seed generated in step 1.

3. For each user login, call the nextBytes method on the SecureRandom object to retrieve the next 16 bytes of random number. Make the call to the method synchronized.

Does the call to the nextBytes method return the next random number based on the seed that has been generated in step 1? Is my understanding correct?

Is there any foreseeable security issue with this approach? Please give me a reference to any relevant documentation, as I could not find anything that clearly explains the SecureRandom class in Java.
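
An added example, not part of the original post: a shared `SecureRandom` instance producing a 16-byte key per login, together with two checks showing how `setSeed` behaves when it is called before and after an instance has seeded itself. The class and method names are hypothetical, the seed string is a constructed sample value, and the code assumes the `SHA1PRNG` algorithm shipped with Oracle/OpenJDK runtimes.

```java
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
public class LoginKeyDemo {
    // One shared instance; it seeds itself from the platform entropy source
    // on first use, so no generateSeed()/setSeed() step is required.
    private static final SecureRandom RNG = new SecureRandom();

    // Hypothetical helper: a fresh 16-byte key per login. SecureRandom is
    // safe for concurrent use, so callers need no extra lock.
    static byte[] newLoginKey() {
        byte[] key = new byte[16];
        RNG.nextBytes(key);
        return key;
    }
    static byte[] next16(SecureRandom r) {
        byte[] out = new byte[16];
        r.nextBytes(out);
        return out;
    }
    // SHA1PRNG seeded BEFORE its first nextBytes() uses only that seed, so
    // two instances given the same seed emit the same bytes.
    static boolean seededBeforeUseMatches(byte[] seed) throws NoSuchAlgorithmException {
        SecureRandom a = SecureRandom.getInstance("SHA1PRNG");
        SecureRandom b = SecureRandom.getInstance("SHA1PRNG");
        a.setSeed(seed);
        b.setSeed(seed);
        return Arrays.equals(next16(a), next16(b));
    }
    // After an instance has seeded itself, setSeed() supplements the
    // existing seed, so the same extra seed does not align two instances.
    static boolean seededAfterUseMatches(byte[] seed) {
        SecureRandom a = new SecureRandom();
        SecureRandom b = new SecureRandom();
        next16(a); // force self-seeding before the manual seed is added
        next16(b);
        a.setSeed(seed);
        b.setSeed(seed);
        return Arrays.equals(next16(a), next16(b));
    }

    public static void main(String[] args) throws Exception {
        byte[] seed = "constructed-demo-seed".getBytes(StandardCharsets.UTF_8); // constructed sample
        System.out.println("two login keys differ: " + !Arrays.equals(newLoginKey(), newLoginKey()));
        System.out.println("SHA1PRNG seeded before use, outputs match: " + seededBeforeUseMatches(seed));
        System.out.println("self-seeded then setSeed, outputs match: " + seededAfterUseMatches(seed));
    }
}
```

On Linux the default `NativePRNG` implementation serves `generateSeed` from the blocking `/dev/random` device and `nextBytes` from `/dev/urandom`, which is why only the former stalls when the entropy pool is low.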


Locked on Feb 5 2016
Added on Jan 8 2016