I'm not sure your point about Java 7 is correct. The docs (http://docs.oracle.com/javase/7/docs/technotes/guides/securi...) state that it is a SHA1PRNG, seeded with "true random". So the first call may block if it goes to /dev/random on Linux, but it should be good-to-go after that. I think this is the same behaviour as Java 6, but I don't know about previous versions.