StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
11052736
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
9
CommunityOwnedDate
CreationDate
2012-06-15T14:32:29.463
FavoriteCount
0
LastActivityDate
2013-01-02T00:38:14.103
LastEditDate
2013-01-02T00:38:14.103
LastEditorUserId
827060
OwnerUserId
827060
ParentId
11051205
PostTypeId
2
Score
214
ViewCount
0
LastEditorDisplayName
text
Body
<p>The standard Oracle JDK 7 implementation uses what's called a Linear Congruential Generator to produce random values in <code>java.util.Random</code>. </p> <p>Taken from <code>java.util.Random</code> source code (JDK 7u2), from a comment on the method <code>protected int next(int bits)</code>, which is the one that generates the random values:</p> <blockquote> <p>This is a linear congruential pseudorandom number generator, as defined by D. H. Lehmer and described by Donald E. Knuth in <i>The Art of Computer Programming,</i> Volume 3: <i>Seminumerical Algorithms</i>, section 3.2.1.</p> </blockquote> <h3>Predictability of Linear Congruential Generators</h3> <p>Hugo Krawczyk wrote a pretty good paper about how these LCGs can be predicted ("How to predict congruential generators"). If you're lucky and interested, you may still find a free, downloadable version of it on the web. And there's plenty more research that clearly shows that you should <strong>never</strong> use an LCG for security-critical purposes. This also means that your random numbers <em>are</em> predictable right now, something you don't want for session IDs and the like.</p> <h3>How to break a Linear Congruential Generator</h3> <p>The assumption that an attacker would have to wait for the LCG to repeat after a full cycle is wrong. Even with an optimal cycle (the modulus m in its recurrence relation) it is very easy to predict future values in much less time than a full cycle. After all, it's just a bunch of modular equations that need to be solved, which becomes easy as soon as you have observed enough output values of the LCG. </p> <p>The security doesn't improve with a "better" seed. It simply doesn't matter if you seed with a random value generated by <code>SecureRandom</code> or even produce the value by rolling a die several times. </p> <p>An attacker will simply compute the seed from the output values observed. This takes <em>significantly less</em> time than 2^48 in the case of <code>java.util.Random</code>. Disbelievers may try out this <a href="http://jazzy.id.au/default/2010/09/20/cracking_random_number_generators_part_1.html" rel="noreferrer">experiment</a>, where it is shown that you can predict future <code>Random</code> outputs observing only two(!) output values in time roughly 2^16. It takes not even a second on a modern computer to predict the output of your random numbers right now.</p> <h3>Conclusion</h3> <p>Replace your current code. Use <code>SecureRandom</code> exclusively. Then at least you will have a little guarantee that the result will be hard to predict. If you want the properties of a cryptographically secure PRNG (in your case, that's what you want), then you have to go with <code>SecureRandom</code> only. Being clever about changing the way it was supposed to be used will almost always result in something less secure...</p>
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. PODifference between java.util.Random and java.security.SecureRandom
  singulars
  PostTypePostTypeId
  PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USemboss
UserOwnerUserId
1. USemboss
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. PODifference between java.util.Random and java.security.SecureRandom
  singulars
  PostTypePostTypeId
  PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
  singulars
  PostPostId
  PO
  UserUserId
  This table or related slice is empty.
  VoteTypeVoteTypeId
  VTUpMod
2. VO
  singulars
  PostPostId
  PO
  UserUserId
  This table or related slice is empty.
  VoteTypeVoteTypeId
  VTUpMod
3. VO
  singulars
  PostPostId
  PO
  UserUserId
  This table or related slice is empty.
  VoteTypeVoteTypeId
  VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.