The SecureRandom Class

The SecureRandom class is an engine class that provides the functionality of a random number generator.

Creating a SecureRandom Object
As with all engine classes, the way to get a SecureRandom object is to call the getInstance static factory method on the SecureRandom class:
static SecureRandom getInstance(String algorithm)
A caller can optionally specify the name of a provider or the Provider class, which will guarantee that the implementation of the random number generation (RNG) algorithm requested is from the named provider:
static final SecureRandom getInstance(String algorithm, String provider)
static final SecureRandom getInstance(String algorithm, Provider provider)

Seeding or Re-Seeding the SecureRandom Object
The SecureRandom implementation attempts to completely randomize the internal state of the generator itself unless the caller follows the call to a getInstance method with a call to one of the setSeed methods:
synchronized public void setSeed(byte[] seed)
public void setSeed(long seed)

After the SecureRandom object has been seeded, its output is only as random as the seed material it was given, so a caller-supplied seed must itself come from a high-entropy source.

At any time a SecureRandom object can be re-seeded using one of the setSeed methods. The given seed supplements, rather than replaces, the existing seed; therefore, repeated calls are guaranteed never to reduce randomness.

Using a SecureRandom Object
To get random bytes, a caller simply passes an array of any length, which is then filled with random bytes:
synchronized public void nextBytes(byte[] bytes)

Generating Seed Bytes
If desired, it is possible to invoke the generateSeed method to generate a given number of seed bytes (to seed other random number generators, for example):
byte[] generateSeed(int numBytes)
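The seeding behaviour described above can be observed with the following added example, which is not part of the original documentation. The class name, the helper method names and the constructed weak seed are assumptions made for illustration; the algorithm name is taken from the command line or from whatever the default SecureRandom instance reports.

```java
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

public class SecureRandomSeeding {  // hypothetical class name
    // 16 bytes from a generator whose first call after getInstance is setSeed.
    static byte[] seedBeforeUse(String alg, byte[] seed) throws NoSuchAlgorithmException {
        SecureRandom sr = SecureRandom.getInstance(alg);
        sr.setSeed(seed);          // may be the only seed material the generator gets
        byte[] out = new byte[16];
        sr.nextBytes(out);
        return out;
    }

    // 16 bytes from a generator that seeds itself first; setSeed then only supplements.
    static byte[] seedAfterUse(String alg, byte[] seed) throws NoSuchAlgorithmException {
        SecureRandom sr = SecureRandom.getInstance(alg);
        sr.nextBytes(new byte[1]); // no setSeed yet, so the generator randomizes its own state
        sr.setSeed(seed);          // added to the existing seed, does not replace it
        byte[] out = new byte[16];
        sr.nextBytes(out);
        return out;
    }

    // Seeds a second generator with seed bytes produced by a self-seeded one.
    static SecureRandom seededFrom(String alg, int numBytes) throws NoSuchAlgorithmException {
        SecureRandom source = SecureRandom.getInstance(alg);
        SecureRandom target = SecureRandom.getInstance(alg);
        target.setSeed(source.generateSeed(numBytes));
        return target;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Assumption: algorithm name from argv, else whatever the default instance reports.
        String alg = args.length > 0 ? args[0] : new SecureRandom().getAlgorithm();
        byte[] weakSeed = {1, 2, 3, 4};  // constructed, deliberately predictable seed

        boolean sameBefore = Arrays.equals(seedBeforeUse(alg, weakSeed), seedBeforeUse(alg, weakSeed));
        boolean sameAfter = Arrays.equals(seedAfterUse(alg, weakSeed), seedAfterUse(alg, weakSeed));
        System.out.println("algorithm: " + alg);
        System.out.println("setSeed before first use, outputs identical: " + sameBefore);
        System.out.println("setSeed after first use, outputs identical:  " + sameAfter);

        byte[] key = new byte[32];
        seededFrom(alg, 32).nextBytes(key);  // high-entropy seed from generateSeed
        System.out.println("bytes drawn from generateSeed-seeded generator: " + key.length);
    }
}
```

Whether the first comparison reports true depends on the provider's algorithm. Where it does, the output is fully determined by the caller's seed, which is why setSeed with a low-entropy value should never be the first call on a new instance.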
Considerations for z/OS
Changes are included in the SecureRandom class to improve randomness, which is critical to the security of private keys and stronger cryptographic operations. On z/OS, random data is acquired from /dev/random and /dev/urandom. The use of /dev/random and /dev/urandom places a dependency on ICSF for generating the random data. As a consequence, the RACF CSFSERV Access Permission for CSFRNG (random number generate callable service) must be granted to the exploiter to permit execution of those ICSF services that provide the requested cryptographic support for random number generation.