Cryptographic pseudo-random number generation.
An application should create a single
SystemRandom and then use it for
all randomness generation. Functions that generate random bytes should take
&SecureRandom parameter instead of instantiating their own. Besides
being more efficient, this also helps document where non-deterministic
(random) outputs occur. Taking a reference to a
SecureRandom also helps
with testing techniques like fuzzing, where it is useful to use a
(non-secure) deterministic implementation of
SecureRandom so that results
can be replayed. Following this pattern also may help with sandboxing
(seccomp filters on Linux in particular). See
documentation for more details.
A secure random number generator where the random values come directly from the operating system.
A secure random number generator.