Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8060435

Provide the capability to obtain a system seed to seed PRNGs


    • Type: Enhancement
    • Status: Open
    • Priority: P3
    • Resolution: Unresolved
    • Affects Version/s: 9
    • Fix Version/s: None
    • Component/s: security-libs
    • Labels:


      In JDK 8 ThreadLocalRandom (and SplittableRandom) by default computes an initial seed to the PRNG using the mac address obtained via NetworkInterface.getNetworkInterfaces(). This unfortunately can result in high very initialization costs on certain platforms (Windows) which in turn can propagate to other classes such as ConcurrentSkipList*.

      The fix for JDK-8066397 will remove the network code and by default compute a seed using the current system time.

      It would be useful to enhance the seed generating functionality in the JDK to compute seed bytes of reasonable cryptographic strength for the underlying platform that:

        1) has a very low initialization cost; and
        2) can be used by ThreadLocalRandom and SplittableRandom as the default.

      One possible solution is to add a new public static method SecureRandom.getSystemSeed() (as proposed in the comments) in JDK 9. Ideally this functionality could be back-ported as a private interface in 8u60 (which will unfortunately result in a deviation of ThreadLocalRandom in JDK 8u60 and the version in the 166 repository.)


          Issue Links



              • Assignee:
                wetmore Bradford Wetmore
                webbuggrp Webbug Group
              • Votes:
                0 Vote for this issue
                12 Start watching this issue


                • Created: