If you don’t specify a seed
value when you construct a
SecureRandom, one will
be generated for you. This is where it gets confusing. The
SecureRandom class has a static member variable,
SecureRandom, called the
seed generator. It is used to
generate seed values for new
instances. Every time you create a
new SecureRandom(), the seed generator is
used to seed your
So how does the seed generator get seeded?
SecureRandom uses an algorithm based on the timing
of threads on the system to generate some supposedly random data. It
uses this data to seed the seed generator itself.
Thus, real random seed generation occurs only once, the first time
you construct a
SecureRandom. It has two
It takes a few seconds (5-10 seconds on my Pentium 90).
The thread timing algorithm is not thoroughly tested. It may have weaknesses that cryptanalysts could exploit.
As Sun says in the
This empty constructor automatically seeds the generator. We attempt to provide sufficient seed bytes to completely randomize the internal state of the generator (20 bytes). Note, however, that our seed generation algorithm has not been thoroughly studied or widely deployed. It relies on counting the number of times that the calling thread can yield while waiting for another thread to sleep for a specified interval.
The first time this constructor is called in a given Virtual Machine, it may take several seconds of CPU time to seed the generator, depending on the underlying hardware. Successive calls run quickly because they rely on the same (internal) pseudo-random number generator for their seed bits.