Java mainly provides four random number generator API's depending of your use case.

java.lang.Math.random()

If we check the Math class source code, we can view this:

private static Random randomNumberGenerator;

private static synchronized void initRNG() {
    if (randomNumberGenerator == null)
        randomNumberGenerator = new Random();
}

public static double random() {
    if (randomNumberGenerator == null) initRNG();
    return randomNumberGenerator.nextDouble();
}

Math.random() is simply a shortcut to call Random Class. It is more simple and less complete than java.util.Random but it's enough in some cases.

java.util.Random

The Random class implement a Linear Congruential Generator.

LCG is a pretty simple formula for Pseudorandom Number Generation. java.util.Random is not trully random, it is totally deterministric. With the same initial condition (also called the seed), you've got the same result in the same order.

Use java.util.Random is good for the most use cases (simulation, games, ...) but is not good for cryptography because of his predictability, for this kind of use case prefer java.security.SecureRandom.

java.util.Random is thread safe but can have performance issues in multi-threaded context. If you work in a multi-threaded application, prefer ThreadLocalRandom.

java.security.SecureRandom

The SecureRandom class extend java.util.Random class to implement a cryptographically strong random number generator based on an entropy source. SecureRandom is not deterministic.

SecureRandom have multiple implementation in function of your platform (the complete implementation list).

java.security.SecureRandom is less fast than java.util.Random because of entropy source.

java.util.concurrent.ThreadLocalRandom

The ThreadLocalRandom class is another implementation of Linear Congruential Generator but this one isn't thread-safe but dedicated to a specific thread.

This implementation is more fast than java.util.Random in multi-threaded context.

In your case, you could use java.util.Collections.shuffle(list) to shuffle your array with java.util.Random or with a specific Random Generator like java.security.SecureRandom.

Answer from Valentin Michalak on Stack Overflow
🌐
Tutorialspoint
tutorialspoint.com › home › java/lang › java math.random() method
Understanding Java Math.random() Method
September 1, 2008 - Returned values are chosen pseudorandomly with (approximately) uniform distribution from that range. When this method is first called, it creates a single new pseudorandom-number generator, exactly as if by the expression new java.util.Random
🌐
DZone
dzone.com › data engineering › data › random number generation in java
Guide to Random Number Generation in Java
December 26, 2017 - Java provides the Math class in the java.util package to generate random numbers. The Math class contains the static Math.random() method to generate random numbers of the double type.
Videos
13:59
🌐 YouTube
Coding Math: Episode 51 - Pseudo Random Number Generators Part ...
September 1, 2016
46K
05:15
🌐 YouTube
Java Programming Tutorial - 26 - Random Number Generator - YouTube
May 10, 2009
902K
🌐 khanacademy.org
Pseudorandom number generators (video)
04:27
🌐 YouTube
Java random numbers 🎲 【4 minutes】 - YouTube
October 13, 2020
157K
View all
View all
🌐
Stack Overflow
stackoverflow.com › questions › 22628408 › math-random-follows-which-algorithms
java - math.random() follows which algorithms - Stack Overflow
Top answer
1 of 5
11

Java mainly provides four random number generator API's depending of your use case.

java.lang.Math.random()

If we check the Math class source code, we can view this:

private static Random randomNumberGenerator;

private static synchronized void initRNG() {
    if (randomNumberGenerator == null)
        randomNumberGenerator = new Random();
}

public static double random() {
    if (randomNumberGenerator == null) initRNG();
    return randomNumberGenerator.nextDouble();
}

Math.random() is simply a shortcut to call Random Class. It is more simple and less complete than java.util.Random but it's enough in some cases.

java.util.Random

The Random class implement a Linear Congruential Generator.

LCG is a pretty simple formula for Pseudorandom Number Generation. java.util.Random is not trully random, it is totally deterministric. With the same initial condition (also called the seed), you've got the same result in the same order.

Use java.util.Random is good for the most use cases (simulation, games, ...) but is not good for cryptography because of his predictability, for this kind of use case prefer java.security.SecureRandom.

java.util.Random is thread safe but can have performance issues in multi-threaded context. If you work in a multi-threaded application, prefer ThreadLocalRandom.

java.security.SecureRandom

The SecureRandom class extend java.util.Random class to implement a cryptographically strong random number generator based on an entropy source. SecureRandom is not deterministic.

SecureRandom have multiple implementation in function of your platform (the complete implementation list).

java.security.SecureRandom is less fast than java.util.Random because of entropy source.

java.util.concurrent.ThreadLocalRandom

The ThreadLocalRandom class is another implementation of Linear Congruential Generator but this one isn't thread-safe but dedicated to a specific thread.

This implementation is more fast than java.util.Random in multi-threaded context.

In your case, you could use java.util.Collections.shuffle(list) to shuffle your array with java.util.Random or with a specific Random Generator like java.security.SecureRandom.

2 of 5
2

Use java.util.Random API

An instance of this class is used to generate a stream of pseudorandom numbers. The class uses a 48-bit seed, which is modified using a linear congruential formula. (See Donald Knuth, The Art of Computer Programming, Volume 3, Section 3.2.1.)

Algorithm class : pseudorandom number generator known as PRNG. You can read more about it here.

Note : Math.random() also uses java.util.Random instance to generate the psuedo-random numbers internally

🌐
freeCodeCamp
freecodecamp.org › news › generate-random-numbers-java
Java Random Number Generator – How to Generate Integers With Math Random
November 25, 2020 - Math.random() returns a double type pseudo-random number, greater than or equal to zero and less than one.
🌐
Tutorialspoint
tutorialspoint.com › java › lang › number_random.htm
Java - Math random() Method
Returned values are chosen pseudorandomly with (approximately) uniform distribution from that range. When this method is first called, it creates a single new pseudorandom-number generator, exactly as if by the expression new java.util.Random
🌐
Built In
builtin.com › articles › math.random-java
Java Math.random() Method Explained With Examples | Built In
The Math.random method in Java generates a pseudorandom number between 0.0 and 1.0. Our expert explains how it works.
🌐
Reddit
reddit.com › r/learnprogramming › [java] how does math.random() generate a random number?
r/learnprogramming on Reddit: [Java] How does Math.random() generate a random number?
December 14, 2017 -

I've looked up the source code and this was the purpose statement:

Returns a double value with a positive sign, greater than or equal to 0.0 and less than 1.0. Returned values are chosen pseudorandomly with (approximately) uniform distribution from that range. When this method is first called, it creates a single new pseudorandom-number generator, exactly as if by the expression new java.util.Random() This new pseudorandom-number generator is used thereafter for all calls to this method and is used nowhere else. This method is properly synchronized to allow correct use by more than one thread. However, if many threads need to generate pseudorandom numbers at a great rate, it may reduce contention for each thread to have its own pseudorandom-number generator.

What does this mean? How does it return a different double each time? I've always been incredibly curious as to how random number generators worked.

Top answer
1 of 3
3
See computational methods under: https://en.wikipedia.org/wiki/Random_number_generation Pseudo-random typically means there's an algorithm for generating the numbers that have certain probability distributions. This algorithm usually has some initial "seed" number. Given a seed, it produces the same sequence of random numbers (hence pseudo-random). For some applications, pseudo-random is good enough (esp. since you can repeatedly test the same values).
2 of 3
3
There's a talk by the author of a pseudorandom number generator called PCG that, IIRC, starts off with a really good explanation of how a lot of RNGs work. Might be a bit too much for you, might not, but https://www.youtube.com/watch?v=45Oet5qjlms (maybe start around 18:00 if you are impatient? Edit: and 25:30 literally shows you what java.util.Random uses)
🌐
CodeAhoy
codeahoy.com › java › Math-Random-method-JI_17
Java Math.random() Method with Examples | CodeAhoy
October 12, 2019 - The java.lang.Math class that comes bundled with Java contains various methods for performing basic numeric operations such as the elementary exponential, logarithm, square root, and trigonometric functions. Math.random() method is part of the Math class. It is used for generating random values ...
Find elsewhere
🌐
Stack Overflow
stackoverflow.com › questions › 62036514 › make-sure-that-using-this-pseudorandom-number-generator-is-safe-here
Make sure that using this pseudorandom number generator is safe here
Top answer
1 of 2
19

They want to alert you to the fact that Math.random is not a true random generator but a PRNG. If you need this to be safe you need a CSPRNG.

Here is the spec

Using PseudoRandom Number Generators (PRNGs) is security-sensitive

When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or access sensitive information.

As the Math.random() function relies on a weak pseudorandom number generator, this function should not be used for security-critical applications or for protecting sensitive data. In such context, a Cryptographically Strong PseudoRandom Number Generator (CSPRNG) should be used instead.

Ask Yourself Whether

  • the code using the generated value requires it to be unpredictable. It is the case for all encryption mechanisms or when a secret value, such as a password, is hashed.
  • the function you use generates a value which can be predicted (pseudo-random).
  • the generated value is used multiple times.
  • an attacker can access the generated value.

You are at risk if you answered yes to the first question and any of the following ones.

Code example

const crypto = window.crypto || window.msCrypto;
var array = new Uint32Array(1);
crypto.getRandomValues(array); // Compliant for security-sensitive use cases
const FileId = array[0];
console.log(FileId);

2 of 2
1

As the java.util.Random class relies on a pseudorandom number generator, this class and relating java.lang.Math.random() method should not be used for security-critical applications or for protecting sensitive data. In such context, the java.security.SecureRandom class which relies on a cryptographically strong random number generator (RNG) should be used in place.

SecureRandom random = new SecureRandom(); // Compliant for security-sensitive use cases
int bound = 100;
random.nextInt(bound);

Ref: https://rules.sonarsource.com/java/RSPEC-2245

🌐
GeeksforGeeks
geeksforgeeks.org › java › java-math-random-method-examples
Java Math random() Method - GeeksforGeeks
December 20, 2025 - The Math.random() method in Java is used to generate a pseudorandom double value that is greater than or equal to 0.0 and less than 1.0. Internally, this method uses a single instance of java.util.Random to produce random values, making it suitable ...
🌐
Spring Framework Guru
springframework.guru › home › random number generation in java
Random Number Generation in Java - Spring Framework Guru
October 15, 2024 - Java provides the Math class in the java.util package to generate random numbers. The Math class contains the static Math.random()method to generate random numbers of double type.
🌐
javaspring
javaspring.net › java_lang › java_math_random_method_a_comprehensive_guide
Java - Math.random() Method: A Comprehensive Guide — javaspring.net
The Math.random() method is a static method in the java.lang.Math class. It returns a pseudorandom double value greater than or equal to 0.0 and less than 1.0. This method is often used to generate random numbers for various purposes in Java ...
🌐
Sentry
sentry.io › sentry answers › java › how do i generate random integers within a specific range in java?
How do I generate random integers within a specific range in Java? | Sentry
Finally, we can generate a random number using the java.lang.Math class. The Math class provides a random() method, but this method returns a double value from 0.0 (inclusive) to 1.0 (exclusive).
🌐
Vultr Docs
docs.vultr.com › java › standard-library › java › lang › Math › random
Java Math random() - Generate Random Number | Vultr Docs
September 27, 2024 - The Math.random() method in Java serves as a powerful and easy-to-implement tool for generating pseudo-random numbers. Whether you need a simpleset of random numbers, integers within a defined range, or simulate probability-based scenarios, ...
🌐
Oracle
docs.oracle.com › javase › 8 › docs › api › java › util › Random.html
Random (Java Platform SE 8 )
October 20, 2025 - The algorithms implemented by class Random use a protected utility method that on each invocation can supply up to 32 pseudorandomly generated bits. Many applications will find the method Math.random() simpler to use.
🌐
javaspring
javaspring.net › blog › java-math-random-int
Mastering Java Math Random for Integer Generation — javaspring.net
These algorithms are called pseudorandom number generators (PRNGs) because they are deterministic and will produce the same sequence of numbers if given the same initial state (seed).
🌐
Veracode
veracode.com › blog › research › cryptographically-secure-pseudo-random-number-generator-csprng
Cryptographically Secure Pseudo-Random Number Generator (CSPRNG) | Veracode
As a developer, you should be aware ... the following: There is nothing random about Math.random. It doesn't provide cryptographically secure random numbers....
🌐
HappyCoders.eu
happycoders.eu › java › random-number
Generating Random Numbers in Java
June 12, 2025 - Experienced Java developers familiar with the various ways to create random values can skip directly to the "Pseudorandom Number Generation" or "Changes in Implementations Over Time" section. You can find the code samples for this article in this GitHub repository. This chapter shows the fundamental classes and methods for generating a random number in Java and what to consider when using them in terms of thread safety. One of the oldest methods (it has existed since Java 1.0) to generate a random double number is to call Math.random():
🌐
Mindprod
mindprod.com › jgloss › pseudorandom.html
pseudo-random numbers : Java Glossary
However, the technique in general may once in a blue moon generate 10. It won’t actually do this with 10, but it will hit the upper bound with larger ranges, so I think it wise to avoid the technique on general principles. It requires two int <=> double floating point conversions and a floating point multiply. These are slow operations and completely unnecessary. Math.Random gives you no power over the seed.
🌐
GitHub
github.com › SOEN6431Winter2025 › jmonkeyengineW25 › issues › 71
Make sure that using this pseudorandom number generator is safe here. FastMath.java · Issue #71 · SOEN6431Winter2025/jmonkeyengineW25
January 21, 2025 - As the java.util.Random class relies on a non-cryptographic pseudorandom number generator, this class and relating java.lang.Math.random() method should not be used for security-critical applications or for protecting sensitive data.
Author   sodhi-007