Random vs SecureRandom

    Size: A Random class has only 48 bits where as SecureRandom can have upto 128 bits. So the chances of repeating in SecureRandom are smaller.
    Seed Generation: Random uses the system clock as the seed/or to generate the seed. So they can be reproduced easily if the attacker knows the time at which the seed was generated. But SecureRandom takes Random Data from your OS (they can be interval between keystrokes etc  most OS collect these data and store them in files  /dev/random and /dev/urandom in case of linux/solaris) and use that as the seed.
    Breaking the code: In case of random, just 2^48 attempts are required, with todays advanced cpus it is possible to break it in practical time. But for securerandom 2^128 attempts will be required, which will take years and years to break even with todays advanced machines.
    Generating Function: The standard Oracle JDK 7 implementation uses whats called a Linear Congruential Generator to produce random values in java.util.Random. SecureRandom implementations are in the form of a pseudo-random number generator (PRNG), which means they use a deterministic algorithm to produce a pseudo-random sequence from a true random seed. Other implementations may produce true random numbers, and yet others may use a combination of both techniques.
    Security: Consequently, the java.util.Random class must not be used either for security-critical applications or for protecting sensitive data.
