JDK-6202721

SHA1PRNG reads from /dev/random even if /dev/urandom selected

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P4
    • Resolution: Not an Issue
    • Affects Version/s: 5.0, 5.0u6, 5.0u11, 6, 6u13
    • Fix Version/s: None
    • Component/s: security-libs
    • Subcomponent:
    • CPU:
      generic, x86
    • OS:
      generic, linux

      Description

      If you do

      import java.security.SecureRandom;
      class JRand {
        public static void main(String args[]) throws Exception {
          System.out.println("Ok: " +
            SecureRandom.getInstance("SHA1PRNG").nextLong());
        }
      }

      then SecureRandom will read from /dev/random even if securerandom.source is configured to use /dev/urandom. This is a problem if /dev/urandom was chosen because /dev/random is not working properly.

      The root cause is that 4705093 assigned special meaning to the string "/dev/urandom".

          Activity

          andreas Andreas Sterbenz added a comment -
          BT2:WORK AROUND

          Use 'new SecureRandom()' instead of 'SecureRandom.getInstance("SHA1PRNG")'

          ###@###.### 2004-12-01 22:30:25 GMT
          andreas Andreas Sterbenz added a comment -
          BT2:EVALUATION

          Right.

          ###@###.### 2005-04-18 21:35:12 GMT
          andreas Andreas Sterbenz added a comment -
          BT2:WORK AROUND

          Alternatively, set securerandom.source to file:/dev/./urandom

          With that setting in JDK 5.0, the behavior will be exactly the same as with file:/dev/urandom in 1.4.2.
          andreas Andreas Sterbenz added a comment -
          BT2:EVALUATION

          The new behavior is as intended, closing as not-a-bug. If the 1.4.2 behavior is required, use either of the workarounds listed above. Note that both workarounds work on 1.4.2 and 5.0 and exhibit exactly the same behavior.
          wetmore Bradford Wetmore added a comment -
          Should be clearer as a result of this bug.
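A diagnostic for the behavior discussed in this report, added here as an example and not code from the report or from the JDK: it prints the effective seed source and checks whether the first draw from SecureRandom.getInstance("SHA1PRNG") and from new SecureRandom() completes or blocks. Assumptions: Java 8 or later, a hypothetical class name SeedSourceCheck, an arbitrary 5-second threshold, and the java.security.egd system property, which the report does not mention but which overrides securerandom.source when set.

```java
import java.security.SecureRandom;
import java.security.Security;
import java.util.concurrent.*;

public class SeedSourceCheck {
    // Assumed threshold: a first draw slower than this is reported as blocked.
    static final long TIMEOUT_MS = 5000;

    // The java.security.egd system property, when set, takes precedence
    // over securerandom.source from the java.security file.
    static String effectiveSource() {
        String egd = System.getProperty("java.security.egd");
        if (egd != null && !egd.isEmpty()) return egd;
        String src = Security.getProperty("securerandom.source");
        return src == null ? "" : src;
    }

    // Runs the first draw on a daemon thread so a blocked read cannot hang the check.
    static String probe(String label, Callable<SecureRandom> factory) throws Exception {
        ExecutorService ex = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, label);
            t.setDaemon(true);
            return t;
        });
        long start = System.nanoTime();
        Future<String> f = ex.submit(() -> {
            SecureRandom sr = factory.call();
            sr.nextLong(); // the first output forces seeding
            return sr.getAlgorithm() + "/" + sr.getProvider().getName();
        });
        try {
            String impl = f.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
            long ms = (System.nanoTime() - start) / 1_000_000;
            return label + ": " + impl + " seeded in " + ms + " ms";
        } catch (TimeoutException e) {
            return label + ": still blocked after " + TIMEOUT_MS + " ms";
        } finally {
            ex.shutdownNow();
        }
    }

    public static void main(String[] args) throws Exception {
        String src = effectiveSource();
        System.out.println("effective seed source: " + (src.isEmpty() ? "(unset)" : src));
        System.out.println(probe("getInstance(\"SHA1PRNG\")", () -> SecureRandom.getInstance("SHA1PRNG")));
        System.out.println(probe("new SecureRandom()", SecureRandom::new));
    }
}
```

Running it once as configured and once with -Djava.security.egd=file:/dev/./urandom shows whether the second workaround changes the SHA1PRNG result on a given host.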

            People

            • Assignee:
              andreas Andreas Sterbenz
              Reporter:
              andreas Andreas Sterbenz