播种java.security.SecureRandom是不必要的？ [英] seeding java.security.SecureRandom unnecessary?

问题描述

我正在使用Java 1.7，并且正如下面的代码所示（使用Oracle的Java 7编译器在Ubuntu中编译）播种 java.security.SecureRandom 似乎是不必要的，因为代码会生成两个不同的BigIntegers用于两个伪随机序列的起始值：

I am using Java 1.7 and as the code below demonstrates (compiled with Oracle's Java 7 compiler in Ubuntu) seeding java.security.SecureRandom appears to be unneccessary as the code produces two different BigIntegers for the starting value of the two pseudo-random sequences:

import java.security.SecureRandom;
import java.math.BigInteger;

public class SessionIdTest {

    public static void main (String args[]) {
    long seed = System.currentTimeMillis();
        {
            SecureRandom random = new SecureRandom();
            random.setSeed(seed);
            BigInteger a = new BigInteger(130, random);
            System.out.println(a);
        }
        {
            SecureRandom random = new SecureRandom();
            random.setSeed(seed);
            BigInteger a = new BigInteger(130, random);
            System.out.println(a);
        }
    }
}

的目的是什么> setSeed 然后呢？或者 SecureRandom 除种子之外还使用其他一些随机来源吗？

What's the purpose of setSeed then? Or is SecureRandom also using, in addition to the seed, some other source of randomness?

推荐答案

javadoc说：

许多SecureRandom实现采用伪随机数生成器（PRNG）的形式，这意味着它们使用了确定性算法从真随机种子产生伪随机序列。其他实现可以产生真正的随机数，而其他实现可以使用两种技术的组合。

Many SecureRandom implementations are in the form of a pseudo-random number generator (PRNG), which means they use a deterministic algorithm to produce a pseudo-random sequence from a true random seed. Other implementations may produce true random numbers, and yet others may use a combination of both techniques.

因此，依靠安全随机数通过播种来生成确定性值序列将不一定有效，如文档所述。

So, counting on a secure random to generate a deterministic sequence of values by seeding it won't necessarily work, as documented.

这篇关于播种java.security.SecureRandom是不必要的？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！