The java.security.SecureRandom class is widely used for generating cryptographically strong random numbers. Random number generation depends on a source of entropy such as signals, devices or inputs from hardware. According to the java.security file present in the JRE's lib\security folder:
Select the source of seed data for SecureRandom. By default an attempt is made to use the entropy gathering device specified by the securerandom.source property. If an exception occurs when accessing the URL then the traditional system/thread activity algorithm is used.
On Solaris and Linux systems, if file:/dev/urandom is specified and it exists, a special SecureRandom implementation is activated by default. This "NativePRNG" reads random bytes directly from /dev/urandom. On Windows systems, the URLs file:/dev/random and file:/dev/urandom enables use of the Microsoft CryptoAPI seed functionality.
Noncompliant Code Example
| Code Block | ||||
|---|---|---|---|---|
| ||||
p |
Compliant Solution
| Code Block | ||||
|---|---|---|---|---|
| ||||
p |
Applicability
Bibliography
...