SecureRandom: init once or every time it is needed?

Problem description

Our team is using a SecureRandom to generate a list of key pairs (the SecureRandom is passed to a KeyPairGenerator). We cannot agree on which of the following two options to use:


  1. Create a new instance every time we need to generate a key pair
  2. Initialize a static instance and use it for all key pairs

Which approach is generally better and why?

ADDED: My gut feeling is that the second option is more secure. But my only argument is a theoretical attack based on the assumption that the pseudorandomness is derived from the current timestamp: someone may see the creation time of the key pair, guess timestamps in the surrounding time interval, compute the possible pseudorandom sequences, and obtain the key material.

ADDED: My assumption about determinism based on a timestamp was wrong. That's the difference between Random and SecureRandom. So, it looks like the answer is: in terms of security it doesn't really matter.

Recommended answer

Unlike the java.util.Random class, the java.security.SecureRandom class must produce non-deterministic output on each call. What that means is, in case of java.util.Random, if you were to recreate an instance with the same seed each time you needed a new random number, you would essentially get the same result every time. However, SecureRandom is guaranteed to NOT do that - so, creating a single instance or creating a new one each time does not affect the randomness of the random bytes it generates. So, from just a normal good coding practices viewpoint, why create too many instances when one will do?
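The contrast drawn in the answer, shown with both options from the question, as an added example that is not part of the original question or answer. The class name, the sample seed 42 and the choice of 256-bit EC keys are assumptions made for illustration; the page does not say which key algorithm the team uses.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;

public class SecureRandomReuseDemo {
    // Option 2 from the question: one static instance shared by all key pairs.
    private static final SecureRandom SHARED = new SecureRandom();

    // Key algorithm and size are assumptions, not taken from the page.
    static KeyPair generate(SecureRandom rng) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256, rng); // the SecureRandom is passed to the generator
        return kpg.generateKeyPair();
    }

    static boolean sameKey(KeyPair a, KeyPair b) {
        return Arrays.equals(a.getPrivate().getEncoded(), b.getPrivate().getEncoded());
    }

    public static void main(String[] args) throws Exception {
        // java.util.Random: recreating it with the same seed replays the same bytes.
        byte[] r1 = new byte[16], r2 = new byte[16];
        new Random(42L).nextBytes(r1); // 42L is a constructed sample seed
        new Random(42L).nextBytes(r2);
        System.out.println("Random, same seed, equal output: " + Arrays.equals(r1, r2));

        // SecureRandom: every fresh instance seeds itself, so outputs differ.
        byte[] s1 = new byte[16], s2 = new byte[16];
        new SecureRandom().nextBytes(s1);
        new SecureRandom().nextBytes(s2);
        System.out.println("SecureRandom, new instances, equal output: " + Arrays.equals(s1, s2));

        // Option 1: a new instance per key pair.
        KeyPair perCallA = generate(new SecureRandom());
        KeyPair perCallB = generate(new SecureRandom());
        // Option 2: the shared instance for every key pair.
        KeyPair sharedA = generate(SHARED);
        KeyPair sharedB = generate(SHARED);

        System.out.println("Option 1 produced identical keys: " + sameKey(perCallA, perCallB));
        System.out.println("Option 2 produced identical keys: " + sameKey(sharedA, sharedB));
    }
}
```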
