[Osmium]

Devil's advocate, but why not rename "Random" to "AlmostRandom" instead, and call "SecureRandom" just "Random"? It's not unreasonable for a lay programmer to expect "random" to be exactly that; though, obviously, non-experts shouldn't be implementing crypto regardless. But since they will, despite everyone's best advice otherwise, why not reduce their chances of introducing bugs?

[sgift]

How far do you want to go? The Javadocs state it plain and clear that this is not cryptographically secure. Is AlmostRandom enough? Maybe we should force people to set an enum? new AlmostRandom(AlmostRandomCertification.YES_I_M_NOT_AN_IDIOT_AND_WONT_USE_THIS_FOR_CRYPTOGRAPHIC_PURPOSES)? You have to draw the line somewhere.

[jonahx]

True, although honestly your tongue-in-cheek enum example is probably closer to where the line should be.

[cornewut]

Also a nice reminder: "Never write your own crypto"

[eru]

(Outside of education.)

[imaginenore]

Because

1) Even SecureRandom is likely not completely random. Unless they seed with physical/unpredictable randomness.

2) It's much slower

[pkolaczk]

> 1) Unless they seed with physical/unpredictable randomness.

They do.

[MichaelGG]

Why not rename comparison functions, too, since they often aren't constant time? And all sorts of other primitives someone might accidentally use?