JSS SecureRandom

Overview

SecureRandom is a generic Java API to access random number generator functionality.

SecureRandom random = new SecureRandom();

By default SecureRandom will use NativePRNG implementation which uses /dev/urandom for nextBytes() and /dev/random to generateSeed().

The API can be used to access other random number generators using the following interface:

SecureRandom random = SecureRandom.getInstance(algorithm, provider);

SHA1PRNG is a pure Java random number generator. It is not as strong as the algorithms used by approved DRBG mechanisms in NIST SP800-90.

There is a new version of SecureRandom in Java 9, JEP-273, which adds SHA-512 and AES-256 based off NIST SP800-90.

PK11SecureRandom

JSS provides a FIPS 140-2 compliant random number generator called PK11SecureRandom which can be used as follows:

SecureRandom random = SecureRandom.getInstance("pkcs11prng", "Mozilla-JSS");

See Also

• PK11SecureRandom Design

• NIST Special Publication 800-90A: Recommendation for Random Number Generation Using Deterministic Random Bit Generators

• NIST Special Publication 800-90B: Recommendation for the Entropy Sources Used for Random Bit Generation

• NIST Special Publication 800-90C: Recommendation for Random Bit Generator (RBG) Constructions

• The Right Way to Use SecureRandom

• Class SecureRandom

• Using the SecureRandom Class

• That’s so SecureRandom

• Proper use of Java SecureRandom