In earlier versions of Java, that is, version 8 and earlier, the JDK had two approaches to generating secure random numbers. One method, written in Java, used SHA1-based random number generation and was not terribly strong. The other method was platform-dependent and used preconfigured libraries.
Deterministic Random Bit Generator (DRBG) is a method for generating random numbers. It has been approved by the NIST, a branch of the U.S. Department of Commerce. DRBG methodologies include modern and stronger algorithms for generating secure random numbers.
Recently, three specific DRBG mechanisms were implemented. These mechanisms are listed as follows:
- Hash_DRBG
- HMAC_DRBG
- CTR_DRBG
You can learn the specifics of each of the DRBG mechanisms at http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf.
Here are the three new APIs:
- SecureRandom: New methods, allowing for the configuration of SecureRandom objects with the following configurable properties:
- Seeding
- Reseeding
- Random-bit-generation
- SecureRandomSpi: New methods to implement the SecureRandom methods.
- SecureRandomParameter: New interfaces so that input can be passed to the new SecureRandom methods.