1.3 KiB
java.util.Random
a) Numbers are generated using a linear congruential generator. They are pseudorandom and the algorithm accepts a 48-bit seed.
b) java.util.Random produces uniformly distributed pseudorandom numbers.
c) No, in the documentation SecureRandom is recommended as a good alternative for cryptographic use-cases.
java.lang.Math.random()
java.lang.Math.random() is a wrapper for java.util.Random (therefore same as above).
java.security.SecureRandom
a) A unpredictable source of randomness should be used, but the algorithm in use can vary since SecureRandom.getInstance("algorithm") exists. Multiple ones are available.
b) The distribution of numbers is completely random and unpredictable.
c) Yes, hence the name, SecureRandom.
/dev/random
a) The random number generator gathers environmental noise from device drivers and other sources into an entropy pool. It keeps an estimate of the number of bits of noise in the entropy pool. From this entropy pool, random numbers are created.
b) The distribution of numbers is completely random and unpredictable.
c) Yes, all use cases are fine.
/dev/urandom
Preferred to random except for applications that require randomness at early boot time since it is not available there. The rest is the same as for dev/random.