Algoritmo en número SecureRandom

I am getting a random number in My android client as well as Server(Servlet). I am using the same SecureRandom algorithm("SHA1PRNG") in both client and server. My seed value is same for both. But the output number I am getting is different in both client as well as Server. What could be the reason for it? Here is my code:

SecureRandom random = new SecureRandom();
try {
    random.getInstance("SHA1PRNG");
} catch (Exception e) {
    // ...
}
;
random.setSeed(1097327);
byte[] b1 = new byte[3];
random.nextBytes(b1);
long value = 0;
for (int i = 0; i < b1.length; i++) {
    value += (b1[i] & 0xff) << (8 * i);
    Toast.makeText(getApplicationContext(), Long.toString(value),
            Toast.LENGTH_LONG).show();
}

preguntado el 10 de marzo de 12 a las 14:03

2 Respuestas

The javadoc of SecureRandom says:

Many SecureRandom implementations are in the form of a pseudo-random number generator (PRNG), which means they use a deterministic algorithm to produce a pseudo-random sequence from a true random seed. Other implementations may produce true random numbers, and yet others may use a combination of both techniques.

Maybe the algorithm uses another randomness source to produce its random numbers. Doing it would not break the contract of the SecureRandom class. It would even satisfy it even more, since the goal of a secure random generator is to produce random numbers, and not a predictable sequence of numbers.

respondido 10 mar '12, 14:03

I have used secure randon number generator in Android and using the same seed instance twice, I got same Random number twice. When I did the same in Servlets,I got two equal random numbers for two same seeds. But the problem is the random number in Android is not equal to random number in servlet - suraj

The implementation on the Android platform and on the JDK used by your servlet are probably slightly different. But my point remains: it's not a good idea to use a class that, by contract, is supposed to produce numbers as securely random as possible, in order to get a predictable sequence of numbers, on several different platforms. Try using your own algorithm that, by contract, generates a predictible sequence given a seed, or generate the numbers on one of the sides, and share them with the other side. - JB Nizet

Okay. I ll consider it. Thanks a lot chap. You r just awesome - suraj

Let me put my 2 cents after 4 years.

SecureRandom is actually system-dependant, meaning that the way data is generated is OS-specific. The OS itself provides an interface to obtain entropy (it might be even the way you just moved your mouse). That's the reason you get different results.

Respondido 27 Jul 16, 20:07

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.