Code example for SecureRandom

Methods: nextBytes, setSeed

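/*
 * Date: 2010-12-18
 */
import java.security.SecureRandom;

import org.apache.commons.codec.binary.Hex; // Apache Commons Codec

public class SessionIdFactory {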
 
    public SessionId createNewSessionId() { 
        SecureRandom secureRandom = new SecureRandom();
        secureRandom.setSeed(System.currentTimeMillis());
        byte[] bytes = new byte[16];
        secureRandom.nextBytes(bytes);
        return new SessionId(new String(Hex.encodeHex(bytes)));
    } 
} 
 
/* 
    Problem: The pseudo-random generator is instantiated for every session id and it is
    seeded with a timestamp, which is not a good source of randomness. If the attacker
    knows roughly when the victim logged in, he/she can try to brute force the session
    id. 1,000 tries covers a second. 60,000 tries covers a minute.
 */ 
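The following is an added example, not part of the original snippet: it puts the timestamp-seeded pattern next to a hardened factory that shares one self-seeded SecureRandom and never calls setSeed. The class and method names are hypothetical, ids are returned as plain hex strings instead of the page's SessionId type, and the weak variant is pinned to SHA1PRNG (an assumption of this demo), where a seed supplied before the first nextBytes() call replaces the generator's self-seeding.

```java
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

public class SessionIdDemo {

    // One self-seeded generator shared by all callers; SecureRandom is thread-safe.
    private static final SecureRandom RNG = new SecureRandom();

    // Hardened: 16 bytes (128 bits) from the shared generator, never seeded by hand.
    static String newSessionId() {
        byte[] bytes = new byte[16];
        RNG.nextBytes(bytes);
        return toHex(bytes);
    }

    // Weak pattern from the page, pinned to SHA1PRNG for this demo: the seed set
    // before the first nextBytes() is the only input to the generator's state.
    static String timestampSeededId(long millis) throws NoSuchAlgorithmException {
        SecureRandom weak = SecureRandom.getInstance("SHA1PRNG");
        weak.setSeed(millis);
        byte[] bytes = new byte[16];
        weak.nextBytes(bytes);
        return toHex(bytes);
    }

    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        long loginTime = 1292630400000L; // constructed sample timestamp in milliseconds

        // Same timestamp in, same id out: the id carries no more entropy than the clock.
        String a = timestampSeededId(loginTime);
        String b = timestampSeededId(loginTime);
        System.out.println("timestamp-seeded ids equal: " + a.equals(b));

        // Ids from the self-seeded generator do not depend on the clock.
        String c = newSessionId();
        String d = newSessionId();
        System.out.println("self-seeded ids equal:      " + c.equals(d));
    }
}
```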