I'm sure there's not one answer to this question, but just trying to find out a general approach.
Using Java 1.4.2, I need to generate a key and IV for use in a symmetric algorithm. These values will be pre-shared with the recipient through a secure channel.
The key I can generate with KeyGenerator.keyGenerate(). But unless I'm missing it, there's no function for generating a random IV.
Should I do something completely arbitrary like pull 16 random bytes from memory? Or is there a preferred way of generating sufficiently random initialization vectors?
Any guidance appreciated.
解决方案
For some implementations, the SecureRandom class will help you out by producing true random numbers:
Many SecureRandom implementations are
in the form of a pseudo-random number
generator (PRNG), which means they use
a deterministic algorithm to produce a
pseudo-random sequence from a true
random seed. Other implementations may
produce true random numbers, and yet
others may use a combination of both
techniques.
It has two methods, getProvider() and getAlgorithm() which should give you some information about which implementation is used. From this page it seems that the pseudo random generator SHA1PRNG (which is seeded with true random data) is one of them or even the only one currently available.