Code example for SecureRandom

import java.security.SecureRandom;
import org.apache.commons.codec.binary.Hex; // Apache Commons Codec

/** Date: 2010-12-18 */
public class SessionIdFactory {
    public SessionId createNewSessionId() {
        SecureRandom secureRandom = new SecureRandom();
        byte[] bytes = new byte[16];
        secureRandom.nextBytes(bytes); // fill the buffer; without this call the id is 16 zero bytes
        return new SessionId(new String(Hex.encodeHex(bytes)));
    }

    /*
     * Problem: The pseudo-random generator is instantiated for every session id and it's
     * seeded with a timestamp, which is not a good source of randomness. If the attacker
     * knows roughly when the victim logged in, he/she can try to brute force the session
     * id. 1,000 tries covers a second. 60,000 tries covers a minute.
     */
}
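
The weakness described in the problem note, shown beside the SecureRandom form as an added example (not part of the original code). `weakId` is an assumed reconstruction of the timestamp-seeded pattern using `java.util.Random`, which the page does not show; the class name, method names and timestamps are constructed for illustration.

```java
import java.security.SecureRandom;
import java.util.Random;

public class SessionIdSeedDemo {
    // One shared instance, seeded by the platform's entropy source.
    private static final SecureRandom SECURE = new SecureRandom();

    // Assumed weak pattern: a new generator per id, seeded with the clock in milliseconds.
    static String weakId(long seedMillis) {
        byte[] bytes = new byte[16];
        new Random(seedMillis).nextBytes(bytes);
        return toHex(bytes);
    }

    // Hardened form: the 16 bytes come from the shared SecureRandom.
    static String strongId() {
        byte[] bytes = new byte[16];
        SECURE.nextBytes(bytes);
        return toHex(bytes);
    }

    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Number of candidate timestamps tried before the id is reproduced,
    // or -1 if no timestamp in [fromMillis, toMillis] reproduces it.
    static long triesToReproduce(String id, long fromMillis, long toMillis) {
        for (long t = fromMillis; t <= toMillis; t++) {
            if (weakId(t).equals(id)) return t - fromMillis + 1;
        }
        return -1;
    }

    public static void main(String[] args) {
        long windowStart = 1292630400000L;       // constructed epoch milliseconds
        long windowEnd = windowStart + 59_999;   // one minute = 60,000 candidate seeds
        long login = windowStart + 41_337;       // constructed login time inside the window
        String weak = weakId(login);
        String strong = strongId();
        System.out.println("weak:   " + weak + " tries=" + triesToReproduce(weak, windowStart, windowEnd));
        System.out.println("strong: " + strong + " tries=" + triesToReproduce(strong, windowStart, windowEnd));
    }
}
```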