I am interested in java.util.Random and java.security.SecureRandom classes. I found that Random uses system clock to generate seed and SecureRandom uses /dev/random or /dev/urandom but these files are on Linux, while on Windows it uses some mistic CryptGenRandom. Even if that is super secure function, do we know from where does it take values? What is the basement to generate seed?
The class java.security.SecureRandom Uses the system API provided by the OS host. Each OS has their own process to generate random numbers.
In Windows SecureRandom uses the method CryptGenRandom that is part of WinCrypt Windows library (Included in Advapi32.dll of Windows System libraries).
All the documentation about the Windows function is available in the Microsoft docs of CryptGenRandom