Random numbers are crucial in cryptography. They are used to create cryptographic keys and, in some cases, to encrypt or sign data. A random number is one whose value cannot be predicted. A random number generator (RNG) is a device that produces random numbers.
It’s fairly easy for humans to generate random numbers. You can sit down with a pair of dice or a deck of cards, and generate as many random numbers as you want. It’s much harder to convince a computer to generate random numbers. Computers are designed to be methodical and deterministic. Some computers can use specialized hardware to generate random numbers, by measuring an unstable electronic circuit or radioactive decay or some other random process. Most of us, however, don’t have this kind of hardware. Furthermore, such solutions tend to be very platform-specific, which is not good for Java programmers.
As with horseshoes and hand grenades, “close” has to be good enough. Computers, therefore, use a pseudo-random number generator (PRNG) as a source of “random” data. A PRNG uses an algorithm to generate an endless sequence of ostensibly random numbers. Usually a message digest function is used iteratively to make it difficult to determine the past or future output of the PRNG. The PRNG is initialized, or seeded , using a small set of truly random data.
That’s the way it’s supposed to work. Programmers who are not familiar with cryptography usually seed the PRNG with the current value of the system clock. Anyone ...