The java.security.SecureRandom class provides a strong random number generator (RNG) appropriate for cryptography. However, seeding it
with a constant or another predictable value will weaken it significantly. In general, it is much safer to rely on the seed provided by the
SecureRandom implementation.
This rule raises an issue when SecureRandom.setSeed() or SecureRandom(byte[]) are called with a seed that is either
of:
System.currentTimeMillis()
SecureRandom sr = new SecureRandom();
sr.setSeed(123456L); // Noncompliant
int v = sr.next(32);
sr = new SecureRandom("abcdefghijklmnop".getBytes("us-ascii")); // Noncompliant
v = sr.next(32);
SecureRandom sr = new SecureRandom(); int v = sr.next(32);