What is the purpose of creating secure random numbers with SecureRandom instead of just with Random?

John Mitchell

The default implementation of Random uses a straightforward linear congruential pseudo-random number generator. That style of pseudo-random number generator is, by its very nature, extremely predictable. Predictability is a very bad thing when you need random numbers for security applications. The implementations of the pseudo-random number generators which SecureRandom may return are expected to be cryptographically strong (i.e., very unpredictable).
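
To make the predictability concrete, the following added example (not part of the original answer) shows that two consecutive `nextInt()` values expose the entire 48-bit state of `java.util.Random`, so every later value can be computed, and shows the `SecureRandom` call to use for security-sensitive values instead. The class name `RandomPredictability` and its helper methods are hypothetical; the constants are the ones documented in the `java.util.Random` Javadoc.

```java
import java.security.SecureRandom;
import java.util.Random;

public class RandomPredictability {
    // LCG parameters documented for java.util.Random (48-bit state).
    static final long MULTIPLIER = 0x5DEECE66DL;
    static final long INCREMENT = 0xBL;
    static final long MASK = (1L << 48) - 1;

    // One step of the generator: the same update Random applies per output.
    static long step(long state) {
        return (state * MULTIPLIER + INCREMENT) & MASK;
    }

    // nextInt() returns the top 32 bits of the state, so only the low
    // 16 bits are hidden. Trying all 65536 values and checking against
    // the second output recovers the state held after `first`.
    // Returns -1 if no candidate fits (inputs were not consecutive outputs).
    static long recoverState(int first, int second) {
        long high = ((long) first & 0xFFFFFFFFL) << 16;
        for (long low = 0; low < (1L << 16); low++) {
            long candidate = high | low;
            if ((int) (step(candidate) >>> 16) == second) {
                return candidate;
            }
        }
        return -1;
    }

    public static void main(String[] args) {
        Random weak = new Random();          // e.g. used for session ids
        int first = weak.nextInt();
        int second = weak.nextInt();

        long state = recoverState(first, second);
        // Advance past `second`, then once more to reach the third output.
        int predicted = (int) (step(step(state)) >>> 16);
        int actual = weak.nextInt();
        System.out.println("predicted=" + predicted + " actual=" + actual
                + " match=" + (predicted == actual));

        // Security-sensitive values (tokens, keys, nonces) should come
        // from SecureRandom, whose output does not expose its state.
        SecureRandom strong = new SecureRandom();
        byte[] token = new byte[16];
        strong.nextBytes(token);
        System.out.println("token bytes generated: " + token.length);
    }
}
```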