Course – LS – All

Get started with Spring and Spring Boot, through the Learn Spring course:

>> CHECK OUT THE COURSE

1. Overview

The SecureRandom class, found in the java.security package, is specifically designed for cryptographic purposes and critical security situations, using algorithms that ensure a high level of unpredictability.

In this tutorial, we’ll discuss generating a unique positive long value using SecureRandom and explore how safe it is from collisions when generating multiple values.

2. Using nextLong()

The nextLong() method of SecureRandom returns a value of type long that is a random 64-bit number. These values are randomly spread over an extremely wide range of values, from Long.MIN_VALUE (-2^63) to Long.MAX_VALUE (2^63 – 1).

This method is inherited from the Random class. However, it is guaranteed to be safer in terms of the collision probability due to using a higher number of seed bits.

Under the hood, it uses pseudo-random number generator (PRNG), also known as deterministic random bits generator or DRBG, in combination with an entropy source that is provided by the operating system.

Let’s see how we can use it to generate a random long value:

new SecureRandom().nextLong();

If we print a few results from this method call, we might see output like:

4926557902899092186
-2282075914544479463
-4653180235857827604
6589027106659854836

So, if we only need positive values, then we need to additionally use Math.abs():

SecureRandom secureRandom = new SecureRandom();
long randomPositiveLong = Math.abs(secureRandom.nextLong());

In this way, the results are guaranteed to always be positive:

assertThat(randomPositiveLong).isNotNegative();

3. Collision Probability

Because we need to generate unique values, it is important to ensure the probability of a collision is sufficiently low.

As we noted above, the nextLong() method generates a 64-bit random long value ranging from -2^63 to 2^63 – 1. Subsequently, by applying Math.abs(), we eliminate any negative sign. Therefore, the randomness of the 0 to 2^63 range is reduced by a factor of 2. Consequently, the probability of collision is calculated as 1 / 2^62. In decimal form, this probability is approximately 0.000000000000000000216840434497100900. For most practical applications, we can consider this low probability to be insignificant.

Assuming it generates one value per second, on average, only one collision would occur in a period of approximately (2^62) / (60) / (60) / (24) / (365.25) years, or around 146,135,511,523 years. This extended timeframe further underscores the rarity of collision events.

4. Conclusion

In this article, we’ve discussed how to generate unique positive long values with SecureRandom. This approach is considered effective because it ensures a high level of unpredictability, and the probability of collision is insignificant for most applications, so it is suitable for use in a wide variety of circumstances.

As always, the full source code is available over on GitHub.

Course – LS – All

Get started with Spring and Spring Boot, through the Learn Spring course:

>> CHECK OUT THE COURSE
res – REST with Spring (eBook) (everywhere)
Subscribe
Notify of
guest
2 Comments
Oldest
Newest
Inline Feedbacks
View all comments