For some implementations, the SecureRandomclass will help you out by producing true random numbers:

对于某些实现，SecureRandom类将通过生成真正的随机数来帮助您：

Many SecureRandom implementations are in the form of a pseudo-random number generator (PRNG), which means they use a deterministic algorithm to produce a pseudo-random sequence from a true random seed. Other implementations may produce true random numbers, and yet others may use a combination of both techniques.

许多 SecureRandom 实现采用伪随机数生成器 (PRNG) 的形式，这意味着它们使用确定性算法从真随机种子生成伪随机序列。其他实现可能会产生真正的随机数，而其他实现可能会使用这两种技术的组合。

It has two methods, getProvider()and getAlgorithm()which should give you some information about which implementation is used. From this pageit seems that the pseudo random generator SHA1PRNG (which is seeded with true random data) is one of them or even the only one currently available.

它有两个方法，getProvider()并且getAlgorithm()这应该给你一些有关这是用来执行。从该页面看来，伪随机生成器 SHA1PRNG（以真随机数据为种子）是其中之一，甚至是目前唯一可用的。

It depends on the mode in which you are using your cipher. If you are using CBC, bytes from a SecureRandomare the easiest, and probably the most secure…as long as your RNG is good.

这取决于您使用密码的模式。如果您使用 CBC，则 aSecureRandom中的字节是最简单的，也可能是最安全的……只要您的 RNG 是好的。

Most Java providers will generate the required parameters automatically, but in order for you to figure out what was chosen, you need to understand the cipher and mode. For example, if you are using a mode that requires an IV, you'd do something like this:

大多数 Java 提供程序会自动生成所需的参数，但为了让您弄清楚选择了什么，您需要了解密码和模式。例如，如果您使用需要 IV 的模式，您将执行以下操作：

cipher.init(Cipher.ENCRYPT_MODE, secret);
IvParameterSpec spec = 
   cipher.getParameters().getParameterSpec(IvParameterSpec.class);
byte[] iv = spec.getIV();

This allows the provider to choose a suitable method for generating the IV itself. But if you were to use the same method on cipher using ECB mode, it would fail.

这允许提供者选择合适的方法来生成 IV 本身。但是，如果您在使用 ECB 模式的密码上使用相同的方法，它将失败。

Using a counter mode obviously requires great care to avoid re-use of the counter.

使用计数器模式显然需要非常小心以避免重复使用计数器。

As the other answers implied, use a secure random number generator to create the IV.

正如其他答案所暗示的那样，使用安全随机数生成器来创建 IV。

Just as an aside though, you don't need to send the IV through a secure channel - it's usual to just prepend it to the message. Remember that it's farmore important that you use a fresh IV for each message, than that you keep the IVs secret. Pre-sharing the IVs at the same time as the key implies either than you're re-using IVs (bad), or have a limit on the number of messages you can send.

顺便说一句，您不需要通过安全通道发送 IV - 通常只是将其添加到消息中。请记住，这是迄今为止，你使用一个新的IV的每个消息，比你保持IVS的秘密更重要。在密钥的同时预共享 IV，这意味着您要么重新使用 IV（坏），要么限制您可以发送的消息数量。

If you are using GUI or you have access to system calls to user data input hardware (mouse preferred) you can create a vector of pairs of mouse pointer coordinates as user moves it. Add them to some string. Than use your favorite hash function on the string to create completely random IV with high entropy.

如果您正在使用 GUI 或者您可以访问对用户数据输入硬件（首选鼠标）的系统调用，您可以在用户移动鼠标指针坐标时创建一对鼠标指针坐标向量。将它们添加到某个字符串中。比在字符串上使用您最喜欢的哈希函数来创建具有高熵的完全随机的 IV。