播种java.security.SecureRandom是不必要的? [英] seeding java.security.SecureRandom unnecessary?
问题描述
我正在使用Java 1.7,并且正如下面的代码所示(使用Oracle的Java 7编译器在Ubuntu中编译)播种 java.security.SecureRandom 似乎是不必要的,因为代码会生成两个不同的BigIntegers用于两个伪随机序列的起始值:
I am using Java 1.7 and as the code below demonstrates (compiled with Oracle's Java 7 compiler in Ubuntu) seeding java.security.SecureRandom appears to be unneccessary as the code produces two different BigIntegers for the starting value of the two pseudo-random sequences:
import java.security.SecureRandom;
import java.math.BigInteger;
public class SessionIdTest {
public static void main (String args[]) {
long seed = System.currentTimeMillis();
{
SecureRandom random = new SecureRandom();
random.setSeed(seed);
BigInteger a = new BigInteger(130, random);
System.out.println(a);
}
{
SecureRandom random = new SecureRandom();
random.setSeed(seed);
BigInteger a = new BigInteger(130, random);
System.out.println(a);
}
}
}
的目的是什么> setSeed 然后呢?或者 SecureRandom 除种子之外还使用其他一些随机来源吗?
What's the purpose of setSeed then? Or is SecureRandom also using, in addition to the seed, some other source of randomness?
推荐答案
javadoc说:
许多SecureRandom实现采用伪随机数生成器(PRNG)的形式,这意味着它们使用了确定性算法从真随机种子产生伪随机序列。其他实现可以产生真正的随机数,而其他实现可以使用两种技术的组合。
Many SecureRandom implementations are in the form of a pseudo-random number generator (PRNG), which means they use a deterministic algorithm to produce a pseudo-random sequence from a true random seed. Other implementations may produce true random numbers, and yet others may use a combination of both techniques.
因此,依靠安全随机数通过播种来生成确定性值序列将不一定有效,如文档所述。
So, counting on a secure random to generate a deterministic sequence of values by seeding it won't necessarily work, as documented.
这篇关于播种java.security.SecureRandom是不必要的?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!