Yes it is secure.

Code examination of java.util.Random shows that ints() creates a spliterator that uses internalNextInt(...) to generate the random integers. That in turn calls nextInt() on this. In the case of java.security.SecureRandom, nextInt() is overridden to generate a "secure" random number¹.

You can confirm this for yourself by looking at the source code.

^{1 - Of course, it doesn't actually make sense to call an integer or a sequence of integers "secure". And there are situations where SecureRandom may not have the properties that you require. (It depends on the actual RNG or PRNG implementation used by the class, the quality of the supplied seed or system provided entropy source, and so on.) But SecureRandom::ints() will generate a sequence of integers that has the same properties as if you made a sequence of SecureRandom::nextInt() calls on the same object. If the latter sequence is suitable for your purposes (whatever they are) then so is the former.}

tl;dr

Integer.toHexString(
    new SecureRandom().nextInt()
)

bd594090

JRuby

Run your Ruby code on a JVM with JRuby.

java.security.SecureRandom

Java includes SecureRandom, a cryptographically strong random number generator (RNG).

Pass the number of bits to be generated, right justified, with leading zeros.

int x = new SecureRandom().nextInt() ;

1286623117

To generate a hex string, pass that int to Integer.toHexString.

String output = Integer.toHexString( x ) ;  // And maybe call `toLowerCase` or `toUpperCase` as you desire.

4cb04f8d

Extract from UUID Version 4

A UUID is a 128-bit value designed to be used as a universally-unique identifier. Originally specified as a point in time and space, combining the current moment with a MAC address plus an arbitrary number.

Later Version 4 UUID was defined to randomly generate 122 of the 128 bits. The java.util.UUID class in Java promises to use a cryptographically-strong pseudo-random number generator.

The canonical expression of a UUID is 32 hex characters with 4 hyphens. So if take such a string, remove the hyphens, we can take hex characters at the leading end as the non-random 4 bits are in the second half of the hex string.

For your 32-bit hex value, we need 1/4 of the hex characters (1/4 of 128 bits = 32 bits), or the first 8 hex characters.

String hex = 
    java.util.UUID
    .randomUUID()
    .toString()
    .replace( "-" , "" )  // Remove hyphens, leaving only hex characters.
    .substring( 0 , 8 )   // Annoying zero-based counting. 
;

The UUID standards require the hex string to be lowercase, though many implementation violate this rule. Either way, you should make call to enforce your own choice of uppercase or lowercase hex.

String hex = 
    java.util.UUID
    .randomUUID()
    .toString()
    .replace( "-" , "" )  // Remove hyphens, leaving only hex characters.
    .substring( 0 , 8 )   // Annoying zero-based counting. 
    .toLowerCase()        // Or `toUpperCase` as you desire.
;

Use entire UUID

If your purpose is to generate distinct values as identifiers, consider using the entir universally unique identifier (UUID) value discussed above.

Version 1 UUIDs are best, but if unavailable you can fall back to using Version 4. That is good enough for many purposes.

In Java, see the UUID class.