Your keys aren't alright, use java.util.SecureRandom/getInstanceStrong

Hello,

just a friendly reminder that the default constructor of java.util.SecureRandom is based on SHA1PRNG which has a statespace of about 160 bits, which is not very much when it comes to generating a lot of really random data.

Instead use java.util.SecureRandom/getInstanceStrong which uses some stronger algorithm.

1 Like