...
Note that use of the setSeed() method to seed the SecureRandom object prior to invoking nextBytes() is insecure because that bypasses the standard system generated seeding mechanism. It is also recommended to specify the exact random number generator and provider for better portability.
Applicability
Insufficiently secure random numbers enable attackers to gain specific information about the context in which they are used. For instance, an attacker may be able to guess a cryptographic key.
Insecure random numbers are useful in some contexts that do not require security. These are addressed in the exceptions to MSC02-J. Generate strong random numbers.
Bibliography
| [TODO] | https://www.cigital.com/justice-league-blog/2009/08/14/proper-use-of-javas-securerandom/ |
[API 2011] |
...