问题
Question is in the title, quite new here so don't know much about the site yet. Want to use hash for creating "more randomness" but not yet sure about Java's Math.Random() yet, is it possible to crack it?
回答1:
If you are using java.util.Random(), it is possible. Have a look at this Code
For better security, you have to use SecureRandom as below
SecureRandom secureRandomGenerator = SecureRandom.getInstance("SHA1PRNG");
But the best solution, which can't be cracked is using Hardware for Random number generation.
EDIT:
Algorithms based on Random like MersenneTwister can be hacked as per this article by Dan Petro
CSPRNGs (Cryptographically secure pseudorandom number generator) to use are:
Reading from
/dev/urandomon a Unix-like systemThe Java
SecureRandomclassThe .NET
RNGCryptoServiceProviderclassThe PHP
openssl_random_pseudo_bytes()function
In contrast, some examples of random number generators to avoid are:
The
libc rand()functionThe Java Random class
The .NET Random class
PHP’s
rand()and mt_rand()functions
Have a look at this article by Thomas Huhn
来源:https://stackoverflow.com/questions/33035721/is-there-a-way-to-guess-the-next-number-java-random