Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
Add a default factory method to provide simpler API and better hardware random.
OpensslCryptoRandom uses hardware random number generator if hardware supports.
Hardware random number generators are almost always better to use than a software based generator. Hardware generators are often called True Random Number generators (TRNG) or Non-Deterministic Random Number Generators since they don't rely on the deterministic behavior of executing software instructions. Their bits streams are nearly always indistinguishable from random streams, and their entropy is always nearly 100%.
Modern Intel CPUs(3rd generation Core i5 or i7 processor (Ivy Bridge) or above) do support random number generator, it is better to provide a default API(openssl implementation) for the client user.
// By default, use True Random Number Generator (hardware random) // Simpler API. client code is clean. CryptoRandom random = CryptoRandomFactory.getCryptoRandom(); byte[] key = new byte[16]; random.nextBytes(key); random.close();