Initializing Secure Random (Reprise)
Peter Levart
peter.levart at gmail.com
Tue Nov 25 23:15:11 UTC 2014
On 11/24/2014 09:46 PM, roger riggs wrote:
> Hi,
>
> This topic has languished for a bit and could use a bit of expertise from
> Windows developers.
>
> The improvements in entropy for initializing Secure Random in JDK 8 have
> some negative attributes that affect maintainability, robustness and
> performance[1].
> The dependency on networking can, in some OSes and configurations, lead
> to increased startup times and issues with bootstrapping the Java
> runtime.
>
> Martin has proposed[2] an alternative for Linux based on /dev/urandom
> with a fallback to a simpler algorithm if /dev/urandom is not available.
>
> Since /dev/urandom is not native to Windows, it seems prudent to identify
> a corresponding source of entropy data.
>
> What are the recommended ways on Windows to get seeds for random?
> Please suggest one or more ways to initialize SecureRandom

Hi Roger,

Do you mean SecureRandom or ThreadLocalRandom/SplittableRandom, since the
8060435 talks about the latter two?

As Bernd identified, the Windows equivalent to /dev/urandom is MSCAPI.

5 months ago I made an attempt to expose a part of contained internal
java security API to get access to /dev/urandom based and MSCAPI based
seed generators. Here's the thread with the discussion:

http://mail.openjdk.java.net/pipermail/core-libs-dev/2014-June/027256.html

The minimal patch was the following:

http://cr.openjdk.java.net/~plevart/jdk9-dev/TLR_SR_SeedGenerator/webrev.01/

Regards, Peter

>
> Thanks, Roger
>
> p.s. Sorry to be covering old ground but I don't have all the context.
>
>
> [1] 8060435 SecureRandom initialization latency on Windows
> https://bugs.openjdk.java.net/browse/JDK-8060435
>
> [2]
> http://cr.openjdk.java.net/~martin/webrevs/openjdk9/ThreadLocalRandom-system-entropy/
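
The seeding strategy discussed in this thread (the OS generator first, /dev/urandom on Unix and MSCAPI on Windows, then a simpler fallback), sketched as an added example that is not code from the webrevs linked above. It uses the public JCA algorithm names `NativePRNGNonBlocking` and `Windows-PRNG` rather than the internal seed generator API the thread mentions; the class name, method names and the fallback mixer are assumptions made for illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.util.Locale;

// Hypothetical class name; not part of the JDK or of the patches in this thread.
public class OsSeedExample {

    /** Fills a new array from the OS generator, or from a weak fallback. */
    static byte[] osSeed(int numBytes) {
        boolean windows = System.getProperty("os.name", "")
                .toLowerCase(Locale.ROOT).startsWith("windows");
        byte[] seed = new byte[numBytes];
        try {
            SecureRandom sr = windows
                    // MSCAPI-backed generator from the SunMSCAPI provider
                    ? SecureRandom.getInstance("Windows-PRNG", "SunMSCAPI")
                    // uses /dev/urandom for both nextBytes and generateSeed
                    : SecureRandom.getInstance("NativePRNGNonBlocking");
            sr.nextBytes(seed);
            System.out.println("seed source: " + sr.getAlgorithm());
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            // Neither OS source is registered: degrade instead of failing startup.
            System.out.println("seed source: weak fallback (" + e.getMessage() + ")");
            weakFill(seed);
        }
        return seed;
    }

    /** Assumed fallback: clock and identity-hash bits through a SplitMix64-style
     *  mixer. Predictable to an attacker, so never use it for key material. */
    static void weakFill(byte[] out) {
        long x = System.nanoTime() ^ System.currentTimeMillis()
                ^ ((long) System.identityHashCode(new Object()) << 32);
        for (int i = 0; i < out.length; i++) {
            x += 0x9E3779B97F4A7C15L;
            long z = x;
            z = (z ^ (z >>> 30)) * 0xBF58476D1CE4E5B9L;
            z = (z ^ (z >>> 27)) * 0x94D049BB133111EBL;
            out[i] = (byte) (z ^ (z >>> 31));
        }
    }

    public static void main(String[] args) {
        StringBuilder hex = new StringBuilder();
        for (byte b : osSeed(8)) hex.append(String.format("%02x", b));
        System.out.println("8-byte seed: " + hex);
    }
}
```

Neither OS-backed path touches the network, which is the startup dependency the original message objects to.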