java.security · java.base · since Java 1.1

SecureRandom

declaration
public class SecureRandom extends Random

Cryptographically strong randomness sourced from OS entropy: tokens, salts, IVs, keys. Slower than Random — and the only acceptable choice for security.

Key methods

static SecureRandom getInstanceStrong()The strongest configured algorithm.
void nextBytes(byte[] bytes)Fill with entropy — the salt/IV workhorse.