Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4705093

Use /dev/urandom rather than /dev/random if it exists.

    Details

    • Subcomponent:
    • Resolved In Build:
      tiger
    • CPU:
      x86, sparc
    • OS:
      linux, solaris_8

      Description



      Name: gm110360 Date: 06/20/2002


      FULL PRODUCT VERSION :
      > java -version
      java version "1.4.0"
      Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0-b92)
      Java HotSpot(TM) Client VM (build 1.4.0-b92, mixed mode)


      FULL OPERATING SYSTEM VERSION :
      [fjo@maren jObj]$ uname -r -s -p
      Linux 2.4.9-34 unknown

      On intel pIII

      A DESCRIPTION OF THE PROBLEM :
      I'm using SSL to access a webbserver and https:// urls,
      which is now available by default and use the
      com.sun.net.ssl package I believe.

      The problem is that the SecureRandom number generator which
      is used to create the connection is seeded from the blocking
      random device /dev/random. This causes an application using
      SSL urls to hang anything from seconds to several minutes
      depending on how much randomness is available on the first
      access of a https url.

      I believe all linuxes has /dev/urandom today, and hopefully
      so will Solaris in the next versions (there is a patch for
      it). If SecureRandom was seeded from /dev/urandom instead
      the performance would increase incredibly.

      So basically, please use /dev/urandom prior to /dev/random
      if it exists. There are too many asking for randomness
      nowadays to use /dev/random. The increased security of using
      /dev/random for seeding must be rather negligible and right
      now the performance of setting up a connection is so bad
      that I may not be able to use SSL at all, which doesn't
      really improve security.


      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      1.Use any api that accesses an url and access a https one.
      It is a documented "feature", I simply ask it to be resolved.



      REPRODUCIBILITY :
      This bug can be reproduced always.
      (Review ID: 153694)
      ======================================================================

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                andreas Andreas Sterbenz
                Reporter:
                gmanwanisunw Girish Manwani (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: