Configuring random number generator secure seeding
Oracle uses a random number generator for secure seeding when establishing connections. A random number generator is also used, in a separate seeding process, for Kerberos authentication. The driver supports random number generator implementations by way of the RandomGenerator and SecureRandomAlgorithm connection properties. The RandomGenerator connection property allows you to specify the type of random number generator the database uses for secure seeding with JDK 7 or higher. If you select a cryptographically strong number generation algorithm, and if you are using JDK 8 or higher, you can then use the SecureRandomAlgorithm connection property to specify any number generation algorithm included in the JDK packaged with your system.
Note: When establishing a connection with a connection string, RandomGenerator and SecureRandomAlgorithm should precede the User and Password connection properties in the connection URL. When using a data source connection, RandomGenerator and SecureRandomAlgorithm should be set before making calls to setUser(), setPassword(), or setNewPassword().
The following steps outline how to configure a random number generator for secure seeding.
1. If suitable to your environment, enable Kerberos by setting the AuthenticationMethod property to auto, kerberos, or kerberosUIDPassword.
2. Set the RandomGenerator connection property.
If you specify random, no further steps are required. A stream of pseudorandom numbers will be generated for secure seeding, and you have completed driver configuration of the random number generator.
If you specify secureRandom and you are using JDK 7, no further steps are required. The SHA1PRNG algorithm will be used by default, and you have completed driver configuration of the random number generator.
If you specify secureRandom and you are using JDK 8 or higher, proceed to the next step.
3. Set the SecureRandomAlgorithm connection property by specifying the name of the SecureRandom number generation algorithm as a string, for example, SecureRandomAlgorithm=SHA1PRNG.