Found the following code in our code base:
    public static final int DEFAULT_LENGTH = 16;
    private static SecureRandom SR;
    static
    {
        try
        {
            SecureRand
I think this is completely unnecessary, because as the Javadoc you quote clearly states: Default-constructed SecureRandom instances seed themselves. The person who wrote this probably didn't know that.
They might also actually decrease security by forcing a fixed seed length that could be less-than-ideal for the RNG implementation.
Finally, assuming the snippet is posted unaltered, the silent exception swallowing isn't very good coding style either.
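
An added example (not code from the question or from the answer's author) contrasting a default-constructed, self-seeding SecureRandom with an explicitly seeded one. The class and method names are assumptions, and the seeded case relies on the OpenJDK SUN provider's SHA1PRNG, where a seed set before the first output replaces self-seeding, so the output carries no more entropy than the supplied seed.

```java
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

public class SecureRandomSeeding {          // hypothetical class name
    public static final int DEFAULT_LENGTH = 16;

    // Default-constructed: the provider seeds itself on first use.
    // No static initializer, no seed length to choose, nothing to catch.
    private static final SecureRandom SR = new SecureRandom();

    static byte[] randomBytes(int length) {
        byte[] out = new byte[length];
        SR.nextBytes(out);
        return out;
    }

    // Explicit seeding of SHA1PRNG (assumption: OpenJDK SUN provider).
    // Calling setSeed() before any output means the stream depends only
    // on the caller's seed bytes, so their length and quality bound the result.
    static byte[] seededBytes(byte[] seed, int length) throws NoSuchAlgorithmException {
        SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
        sr.setSeed(seed);
        byte[] out = new byte[length];
        sr.nextBytes(out);
        return out;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample seed (all zeros), used twice on purpose.
        byte[] seed = new byte[DEFAULT_LENGTH];

        boolean seededRepeat = Arrays.equals(
                seededBytes(seed, DEFAULT_LENGTH), seededBytes(seed, DEFAULT_LENGTH));
        boolean defaultRepeat = Arrays.equals(
                randomBytes(DEFAULT_LENGTH), randomBytes(DEFAULT_LENGTH));

        System.out.println("explicitly seeded outputs repeat: " + seededRepeat);
        System.out.println("self-seeded outputs repeat:       " + defaultRepeat);
    }
}
```

The checked exception is declared and propagated rather than caught and discarded, so a missing algorithm fails loudly instead of leaving the generator field unset.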