0

Question is in the title, quite new here so don't know much about the site yet. Want to use hash for creating "more randomness" but not yet sure about Java's Math.Random() yet, is it possible to crack it?

Ravindra babu
  • 37,698
  • 11
  • 250
  • 211
PercyJackson
  • 11
  • 2
  • See http://franklinta.com/2014/08/31/predicting-the-next-math-random-in-java/ – Sumit Singh Oct 09 '15 at 10:23
  • Your question is not at all clear, please can you explain what it is you want to know? – Andi Emma Davies Oct 09 '15 at 10:27
  • What I mean is , is it possible to be able to guess the next number while using math.random() as a function for making random numbers. I wanted to try and improve the method by using hashes if Math.random is insecure. – PercyJackson Oct 10 '15 at 19:02

1 Answers1

3

If you are using java.util.Random(), it is possible. Have a look at this Code

For better security, you have to use SecureRandom as below

SecureRandom secureRandomGenerator = SecureRandom.getInstance("SHA1PRNG");

But the best solution, which can't be cracked is using Hardware for Random number generation.

EDIT:

Algorithms based on Random like MersenneTwister can be hacked as per this article by Dan Petro

CSPRNGs (Cryptographically secure pseudorandom number generator) to use are:

  1. Reading from /dev/urandom on a Unix-like system

  2. The Java SecureRandom class

  3. The .NET RNGCryptoServiceProvider class

  4. The PHP openssl_random_pseudo_bytes() function

In contrast, some examples of random number generators to avoid are:

  1. The libc rand() function

  2. The Java Random class

  3. The .NET Random class

  4. PHP’s rand() and mt_rand() functions

Have a look at this article by Thomas Huhn

Ravindra babu
  • 37,698
  • 11
  • 250
  • 211