Have you ever needed to generate a six digit code for security purposes? If so, then you'll want to make sure that you are using a Secure Random algorithm. Java provides a class java.security.SecureRandom which we can leverage:
Java 6 Digit Code Method
Here's a Java Method to generate a Secure Random Six Digit Code:
/**
* Generates a secure 6-digit random code as a string
* @return A 6-digit string code (000000-999999)
* @throws NoSuchAlgorithmException if strong SecureRandom instance cannot be created
*/
public static final String generateRandomSixDigitCode() throws NoSuchAlgorithmException {
//use a strong secure random number generator
SecureRandom secureRandom = SecureRandom.getInstanceStrong();
//get int between and including 0-999999
int randomInteger = secureRandom.nextInt(1000000);
//pad with leading 0's if less than 100000
return String.format("%06d", randomInteger);
}
You'll need the following import statements:
import java.security.SecureRandom; import java.security.NoSuchAlgorithmException;
See the Code Explanation below for line by line explanation of the code.
CFML 6 Digit Code Function
And here's a CFML Function to generate a secure random six digit code:
string function generateRandomSixDigitCode() {
//use a strong secure random number generator
var secureRandom = createObject("java", "java.security.SecureRandom").getInstanceStrong();
//get int between and including 0-999999
var randomInteger = secureRandom.nextInt(1000000);
//pad with leading 0's if less than 100000
return numberFormat(randomInteger, "000000");
}
The code between the Java and CFML version is pretty close to the same, except for the padding method.
Code Explanation
First we are obtaining an instance of a java.security.SecureRandom object by calling the static method getInstanceStrong() - this ensures that you are using one of the strongest random number generators algorithms.
According to the docs for getSecureInstance:
Returns a SecureRandom object that was selected by using the algorithms/providers specified in the securerandom.strongAlgorithms Security property.
If performance is a concern, you can avoid using getInstanceStrong and just use an instance of the SecureRandom class instead. This should still use a Secure random algorithm, it just may not use the strongest possible algorithm.
Next we are calling the nextInt function on SecureRandom, and passing the argument 1000000. The passed value represents the bound, or max value.
nextInt(int bound): Returns a pseudorandom, uniformly distributed int value between 0 (inclusive) and the specified value (exclusive), drawn from this random number generator's sequence.
The final step of the function is to pad with leading "0" if the integer is less than 100000. For example if it generates the random integer "123", we want the function to return "000123".
Why not specify an algorithm?
I am avoiding specifying an exact algorithm in this code, so that we can rely on the JVM's configuration and implementation for the best SecureRandom algorithm. That way if we keep our JVM up to date, we don't need to revisit this if a weakness is discovered in a particular algorithm.