Is SecureRandom thread safe? That is, after initializing it, can access to the next random number be relied on to be thread safe? Examining the source code seems to show that it is, and this bug report seems to indicate that its lack of documentation as thread safe is a javadoc issue. Has anyone confirmed that it is in fact thread safe?
+3
A:
Yes, it is. It uses synchronization to protect the integrity of its state.
It might be possible for a provider to override the relevant methods without synchronization, but there is a lot of code out there relying on the de facto contract of thread-safe SecureRandom, so this would likely be reported as a bug.
If many threads are using a single SecureRandom, there might be contention that hurts performance. On the other hand, initializing a SecureRandom instance can be relatively slow. Whether it is best to share a global RNG, or to create a new one for each thread will depend on your application.
erickson
2009-09-22 18:02:01
+1
A:
Yes. It's totally thread-safe. Actually, I would complain the lock is too aggressive. The whole engineNextBytes() is synchronized.
To be frank with you, I wouldn't know if it's not safe. The threading issue probably introduces more randomness :)
ZZ Coder
2009-09-22 18:05:29
+1
A:
Can anyone who believes SecureRandom (or any or all of its methods) is thread-safe give a reference here about where they got their knowledge? Source code? What I found is a bug report complaining about the lack of proper documentation regarding this issue (or worse, lack of synchronization): http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6498354
Detlev
2010-01-04 22:33:55
I determined it from the source code.
erickson
2010-01-04 23:04:19
+1 for the link to the sun bug.
Paul Wagland
2010-06-29 22:14:43
+1
A:
The current implementation of SecureRandom is thread safe, specifically the two mutating methods nextBytes(bytes[]) and setSeed(byte[]) are synchronized.
Well, as far as I've been able to tell, all mutating methods are eventually routed through those two methods, and SecureRandom overrides a few methods in Random to ensure that. Which works but could be brittle if the implementation is changed in the future.
The best solution is to manually synchronize on the SecureRandom instance first. This means each call stack will acquire two locks on the same object, but that is usually very cheap on modern JVMs. That is, there is not much harm in explicitly synchronizing yourself. For example:
SecureRandom rnd = ...;
byte[] b = new byte[NRANDOM_BYTES];
synchronized (rnd) {
rnd.nextBytes(b);
}
Matt Quail
2010-04-28 04:47:03