Why is SecureRandom in Java called CS PRNG and not TRNG?
https://stackoverflow.com/questions/8259272
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianسؤال
SecureRandom internally makes use of other algorithms , like in case of Linux , makes use of NativePRNG which in turn makes use of /dev/urandom . But /dev/urandom is actually using interrupts events etc to generate entropy which is similar to a True Random Number Generator (TRNG) . So why is SecureRandom called PseudoRandom Number Generator , although it is dependent on the implementation of the algorithm it is using ?
Thanks
المحلول
I expect it has to do with guarantees. The guarantee of /dev/urandom is that it will use random data if available, filling in with pseudo-random data if necessary to avoid blocking. So if you're using /dev/urandom, you can't claim true randomness, even if sometimes you're getting it.
In the documentation for SecureRandom it says:
Many
SecureRandomimplementations are in the form of a pseudo-random number generator (PRNG), which means they use a deterministic algorithm to produce a pseudo-random sequence from a true random seed. Other implementations may produce true random numbers, and yet others may use a combination of both techniques.
Thus, the guarantee of SecureRandom can only ever be that it works pseudo-randomly, if any implementations are allowed to do so. It may be able to do better, but that's not the contract.
نصائح أخرى
Not all operating systems implement the same functionality for /dev/random, and there is no guarantee that it will be anything other than an algorithm (though most modern systems do use interrupts, etc). That is why Java refers to it as a PRNG.
/dev/random on Linux is a TRNG.
