Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8060435

Provide the capability to obtain a system seed to seed PRNGs

    Details

    • Type: Enhancement
    • Status: Open
    • Priority: P3
    • Resolution: Unresolved
    • Affects Version/s: 9
    • Fix Version/s: None
    • Component/s: security-libs
    • Labels:
      None

      Description

      In JDK 8 ThreadLocalRandom (and SplittableRandom) by default computes an initial seed to the PRNG using the mac address obtained via NetworkInterface.getNetworkInterfaces(). This unfortunately can result in high very initialization costs on certain platforms (Windows) which in turn can propagate to other classes such as ConcurrentSkipList*.

      The fix for JDK-8066397 will remove the network code and by default compute a seed using the current system time.

      It would be useful to enhance the seed generating functionality in the JDK to compute seed bytes of reasonable cryptographic strength for the underlying platform that:

        1) has a very low initialization cost; and
        2) can be used by ThreadLocalRandom and SplittableRandom as the default.

      One possible solution is to add a new public static method SecureRandom.getSystemSeed() (as proposed in the comments) in JDK 9. Ideally this functionality could be back-ported as a private interface in 8u60 (which will unfortunately result in a deviation of ThreadLocalRandom in JDK 8u60 and the version in the 166 repository.)

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                wetmore Bradford Wetmore
                Reporter:
                webbuggrp Webbug Group
              • Votes:
                0 Vote for this issue
                Watchers:
                12 Start watching this issue

                Dates

                • Created:
                  Updated: