Gareth D.
—How do I generate random numbers in a specific range in Java?
In modern versions of Java, the nextInt
method from java.util.Random
can be used to create a random number generator.
import java.util.Random; public class RandomDemo{ public static void main(String[] args){ Random rand = new Random(); int n = rand.nextInt(2); System.out.println(n); } }
This method will generate a random number between 0
and the specified number (including 0
and excluding the number specified).
2
is specified as the argument, so it will always output 0
or 1
.nextInt
method can also be called without an argument, causing it to return any valid integer (including negative integers).To generate a random number in a range between a given start
and end
number:
For example, the following code returns a random number between -5
and 5
:
import java.util.Random; public class RandRange{ public static void main(String[] args){ int start = -5; int end = 5; Random rand = new Random(); int n = rand.nextInt(end - start) + start; System.out.println(n); } }
The nextInt
method generates pseudorandom numbers that aren’t suitable for cases requiring secure random numbers that can’t easily be predicted. In such cases, it’s better to use the SecureRandom
class to generate a secure random number.
Consider the following example:
import java.security.SecureRandom; public class SecureDemo{ public static void main(String[] args) { SecureRandom secureRandom = new SecureRandom(); int n = secureRandom.nextInt(2); System.out.println(n); } }
This code has the same functionality as the first example. It will always output either 0
or 1
.
While the name of the function is SecureRandom
, simply calling it doesn’t guarantee a non-deterministic output. The underlying implementation dictatess whether or not the output is truly non-deterministic.
The official SecureRandom
documentation states:
Many
SecureRandom
implementations are in the form of a pseudo-random number generator (PRNG, also known as deterministic random bits generator or DRBG), which means they use a deterministic algorithm to produce a pseudo-random sequence from a random seed. Other implementations may produce true random numbers, and yet others may use a combination of both techniques.
Multiple factors influence whether the use of SecureRandom
rather than Random
will be enough to meet the security requirements of a program, such as:
The following benchmarking script is used to assess and compare the speed of Random
and SecureRandom
in Java by running both versions one hundred million times:
import java.util.Random; import java.security.SecureRandom; public class RandomBenchmark { public static void main(String[] args) { final int ITERATIONS = 100000000; // Benchmark java.util.Random Random random = new Random(); long startTime = System.nanoTime(); for (int i = 0; i < ITERATIONS; i++) { random.nextInt(); } long endTime = System.nanoTime(); long durationRandom = endTime - startTime; System.out.println("java.util.Random duration: " + (double)durationRandom/1000000000 + " seconds"); // Benchmark java.security.SecureRandom SecureRandom secureRandom = new SecureRandom(); startTime = System.nanoTime(); for (int i = 0; i < ITERATIONS; i++) { secureRandom.nextInt(); } endTime = System.nanoTime(); long durationSecureRandom = endTime - startTime; System.out.println("java.security.SecureRandom duration: " + (double)durationSecureRandom/1000000000 + " seconds"); System.out.println("----"); System.out.println("SecureRandom is " + (double)durationSecureRandom / durationRandom + " times slower than Random"); } }
On an M1-Max MacBook Pro, this script outputs:
java.util.Random duration: 0.785196917 seconds java.security.SecureRandom duration: 5.760956292 seconds ---- SecureRandom is 7.336957350788987 times slower than Random
This shows that SecureRandom
is significantly slower than Random
, making Random
the more desirable choice for generating multiple numbers when predictable or deterministic outputs are permissible.
Tasty treats for web developers brought to you by Sentry. Get tips and tricks from Wes Bos and Scott Tolinski.
SEE EPISODESConsidered “not bad” by 4 million developers and more than 100,000 organizations worldwide, Sentry provides code-level observability to many of the world’s best-known companies like Disney, Peloton, Cloudflare, Eventbrite, Slack, Supercell, and Rockstar Games. Each month we process billions of exceptions from the most popular products on the internet.
Here’s a quick look at how Sentry handles your personal information (PII).
×We collect PII about people browsing our website, users of the Sentry service, prospective customers, and people who otherwise interact with us.
What if my PII is included in data sent to Sentry by a Sentry customer (e.g., someone using Sentry to monitor their app)? In this case you have to contact the Sentry customer (e.g., the maker of the app). We do not control the data that is sent to us through the Sentry service for the purposes of application monitoring.
Am I included?We may disclose your PII to the following type of recipients:
You may have the following rights related to your PII:
If you have any questions or concerns about your privacy at Sentry, please email us at compliance@sentry.io.
If you are a California resident, see our Supplemental notice.