Java Language Security & Cryptography Randomness and You


Needs content

For most applications, the java.utils.Random class is a perfectly fine source of "random" data. If you need to choose a random element from an array, or generate a random string, or create a temporary "unique" identifier, you should probably use Random.

However, many cryptographic systems rely on randomness for their security, and the randomness provided by Random simply isn't of high enough quality. For any cryptographic operation that requires a random input, you should use SecureRandom instead.