Yuri Dolgov wrote:
I had a little experience in this. I used several rdtsc values, local and JNI variables addresses, java memory info and nanotime value.
Once upon a time, I also had the great idea to seed a random number generator by using the hashCode() (they say it is the "address" of the object on many JVMs) of some specific object.
However, by pretty much pure luck, I tested out a bit-print method (basically, toBinaryString()) on the first random number that the system made. And what do you know - it was the same every time I started the web application! It soon hit me that of course it would be: starting up big old Tomcat and this rather heavy application would nevertheless be very deterministic: the sequence of objects created will be exactly the same every single time - including the hashCode() of that particular object I used. I guess the same can happen for local addresses too.
Please be careful when creating and seeding _secure_ system random number generators - they ought to be pretty random!
Kind regards, Endre.
