org.owasp.esapi
Interface Randomizer
- All Known Implementing Classes:
- DefaultRandomizer
public interface Randomizer
The Randomizer interface defines a set of methods for creating
cryptographically random numbers and strings. Implementers should be sure to
use a strong cryptographic implementation, such as the JCE or BouncyCastle.
Weak sources of randomness can undermine a wide variety of security
mechanisms. The specific algorithm used is configurable in ESAPI.properties.
- Since:
- June 1, 2007
- Author:
- Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
Method Summary
boolean | getRandomBoolean() | Returns a random boolean.
byte[] | getRandomBytes(int n) | Generates a specified number of random bytes.
java.lang.String | getRandomFilename(java.lang.String extension) | Returns an unguessable random filename with the specified extension.
java.lang.String | getRandomGUID() | Generates a random GUID.
int | getRandomInteger(int min, int max) | Gets the random integer.
long | getRandomLong() | Gets the random long.
float | getRandomReal(float min, float max) | Gets the random real.
java.lang.String | getRandomString(int length, char[] characterSet) | Gets a random string of a desired length and character set.
getRandomString
java.lang.String getRandomString(int length, char[] characterSet)
- Gets a random string of a desired length and character set. The use of java.security.SecureRandom
is recommended because it provides a cryptographically strong pseudo-random number generator.
If SecureRandom is not used, the pseudo-random number generator used should comply with the
statistical random number generator tests specified in
FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.
- Parameters:
length - the length of the string
characterSet - the set of characters to include in the created random string
- Returns:
- the random string of the desired length and character set
getRandomBoolean
boolean getRandomBoolean()
- Returns a random boolean. The use of java.security.SecureRandom
is recommended because it provides a cryptographically strong pseudo-random number generator.
If SecureRandom is not used, the pseudo-random number generator used should comply with the
statistical random number generator tests specified in
FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.
- Returns:
- true or false, randomly
getRandomInteger
int getRandomInteger(int min, int max)
- Gets the random integer. The use of java.security.SecureRandom
is recommended because it provides a cryptographically strong pseudo-random number generator.
If SecureRandom is not used, the pseudo-random number generator used should comply with the
statistical random number generator tests specified in
FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.
- Parameters:
min - the minimum integer that will be returned
max - the maximum integer that will be returned
- Returns:
- the random integer
getRandomLong
long getRandomLong()
- Gets the random long. The use of java.security.SecureRandom
is recommended because it provides a cryptographically strong pseudo-random number generator.
If SecureRandom is not used, the pseudo-random number generator used should comply with the
statistical random number generator tests specified in
FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.
- Returns:
- the random long
getRandomFilename
java.lang.String getRandomFilename(java.lang.String extension)
- Returns an unguessable random filename with the specified extension. This method could call
getRandomString(length, charset) from this class with the desired length and an alphanumeric
character set, then append "." + extension.
- Parameters:
extension - extension to add to the random filename
- Returns:
- a random unguessable filename ending with the specified extension
getRandomReal
float getRandomReal(float min, float max)
- Gets the random real. The use of java.security.SecureRandom
is recommended because it provides a cryptographically strong pseudo-random number generator.
If SecureRandom is not used, the pseudo-random number generator used should comply with the
statistical random number generator tests specified in
FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.
- Parameters:
min - the minimum real number that will be returned
max - the maximum real number that will be returned
- Returns:
- the random real
getRandomGUID
java.lang.String getRandomGUID() throws EncryptionException
- Generates a random GUID. This method could use a hash of random Strings, the current time,
and any other random data available. The format is a well-defined sequence of 32 hex digits
grouped into chunks of 8-4-4-4-12.
For more information including algorithms used to create UUIDs,
see the Internet-Draft UUIDs and GUIDs
or the standards body definition at ISO/IEC 11578:1996.
- Returns:
- the GUID
- Throws:
EncryptionException - if hashing or encryption fails
getRandomBytes
byte[] getRandomBytes(int n)
- Generates a specified number of random bytes.
- Parameters:
n - The requested number of random bytes.
- Returns:
- The n random bytes are returned.
Copyright © 2011 The Open Web Application Security Project (OWASP). All Rights Reserved.