Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6202721

SHA1PRNG reads from /dev/random even if /dev/urandom selected

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P4
    • Resolution: Not an Issue
    • Affects Version/s: 5.0, 5.0u6, 5.0u11, 6, 6u13
    • Fix Version/s: None
    • Component/s: security-libs
    • Subcomponent:
    • CPU:
      generic, x86
    • OS:
      generic, linux

      Description

      If you do

      import java.security.SecureRandom;
      class JRand {
        public static void main(String args[]) throws Exception {
          System.out.println("Ok: " +
            SecureRandom.getInstance("SHA1PRNG").nextLong());
        }
      }

      then SecureRandom will read from /dev/random even if securerandom.source is configured to use /dev/urandom. This is a problem if /dev/urandom was chosen because /dev/random is not working properly.

      The root cause is that 4705093 assigned special meaning to the string "/dev/urandom".

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                andreas Andreas Sterbenz
                Reporter:
                andreas Andreas Sterbenz
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: