I have been doing some work with Java’s SecureRandom class to generate salts for later encryption and password hashing (I am generating separate salts for each task). The code I have been using is as follows:
    // Init random number generator
    secureRandom = SecureRandom.getInstance("SHA1PRNG");
    secureRandom.setSeed(System.nanoTime());
    // Create salts
    secureRandom.nextBytes(bytAuthSalt);
    secureRandom.nextBytes(bytEncryptionSalt);
Now, all was going fine until I started to actually verify the values that I got. For several sequential executions of the application my salts were:
    [B@43d55dd8
    [B@43d55b58
    [B@43d55b50
    [B@43bd0cc8
    [B@43db0b08
    [B@43bd0f50
I am disturbed by the fact that the numbers all appear to be roughly sequential. After some searching on the web, I repeated the runs again without seeding it myself, with the same results.
My only guess as to what may be causing this comes from the fact that I am developing for the Android platform. I know that they have their own cryptographic providers, but I do not get any exceptions. Any ideas?
Thanks in advance.
It looks like you’re printing out the reference to the byte array instead of its contents. This is why they’re sequential: the reference is basically giving you the location in the JVM memory. Convert the byte array to a String before you print it.
Converting the array to a String using Arrays will show you the raw values of the bytes.
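
The difference the answers describe, as an added example that is not part of the original posts: it prints a salt by reference, then by content, and compares salts with Arrays.equals rather than by their printed reference. The class name, the 16-byte salt length, the toHex helper and the use of a self-seeded new SecureRandom() are assumptions of this example.

```java
import java.security.SecureRandom;
import java.util.Arrays;

public class SaltPrintDemo {
    // Assumed salt length for this example; the question does not state one.
    static final int SALT_LEN = 16;

    // Hypothetical helper: render bytes as lowercase hex for logging.
    static String toHex(byte[] data) {
        StringBuilder sb = new StringBuilder(data.length * 2);
        for (byte b : data) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Self-seeded generator: no manual setSeed() call (choice of this example).
        SecureRandom secureRandom = new SecureRandom();

        byte[] bytAuthSalt = new byte[SALT_LEN];
        byte[] bytEncryptionSalt = new byte[SALT_LEN];
        secureRandom.nextBytes(bytAuthSalt);
        secureRandom.nextBytes(bytEncryptionSalt);

        // What the question printed: the type tag "[B" plus the object's
        // identity hash in hex. It says nothing about the bytes inside.
        System.out.println("by reference:    " + bytAuthSalt);

        // A clone holds identical bytes but is a different object, so its
        // printed reference is different.
        byte[] copy = bytAuthSalt.clone();
        System.out.println("clone reference: " + copy);

        // Printing the contents instead.
        System.out.println("Arrays.toString: " + Arrays.toString(bytAuthSalt));
        System.out.println("hex:             " + toHex(bytAuthSalt));

        // Compare salts by content, never by the printed reference.
        System.out.println("clone has same bytes: "
                + Arrays.equals(bytAuthSalt, copy));
        System.out.println("two salts differ:     "
                + !Arrays.equals(bytAuthSalt, bytEncryptionSalt));
    }
}
```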