bloom filter are amazing when inputs are purely random. If we know the bloom filter size and fpp, we can very easily derive the number of hashfunction used. By Default all the libraries use some hashing algorithm for example guava uses murmur hash. But these hashing function(murmur hash in particular) are not cryptographic hash function. Hence if someone knows

1. total number of elements and fpp for which bloom was created
2. Some elements that already existing in the bloom

It might be theoretically possible to generate other elements which were not inserted in bloom filter but bloom filter will say elements are present.

What are the strategies to prevent this from happening? Few things that come to mind

1. use cryptographic hash function as mentioned in this answer
2. Randomize the number expected number of elements to be inserted so that total number of hash function becomes tough to guess.

Any other solutions?