Thanks for the analysis molecular - that's exactly the path I was going down. I've worked on a project that specially seeded a SecureRandom (with other random input) to init the cryptographic functions, but bitcoinj does not appear to provide a direct way to provide the randomness, so it falls to the underlying library. Since that's the BouncyCastle/SpongyCastle crypto lib, I'm confident it is performed as well as reasonably possible.