RFR: 8098581 SecureRandom.nextBytes() hurts performance with small size requests

Mike StJohns mstjohns at comcast.net
Thu Dec 3 19:10:50 UTC 2015

The more I look at this the less I'm comfortable with the change to 

In general, there shouldn't be a need for a large amount of random data, 
especially not between multiple threads, so I'm not too sure the 
performance argument holds.

What I do worry about is a provider that's not particularly smart about 
how it does things offering up data and not updating internal pointers 
in a synchronized manner resulting in the possibility of the same 
"random" data being served to multiple requestors.   I think placing the 
synchronization at the glue class may be a better choice than depending 
on each and every provider doing the right thing.

Just a thought - Mike

On 12/3/2015 1:38 PM, Seán Coffey wrote:
> Hey Tony,
> looks like a fix that could come back to jdk8u-dev at some stage. 
> Thanks for taking this one on.
> Adding SecureRandom to the sunpkcs11-solaris.cfg file is a nice move. 
> Would you agree that JDK-8058455 could be closed out as a duplicate ?
> Regards,
> Sean.
> On 01/12/2015 23:44, Anthony Scarpino wrote:
>> Hi all,
>> I'd like a review of this change.  It improves nextBytes() 
>> performance by allowing the random buffer to grow and shrink as 
>> random data is needed and remove the high level synchronization. Also 
>> disable SecureRandom for Solaris PKCS11 as it's not as fast as native.
>> http://cr.openjdk.java.net/~ascarpino/8098581/webrev/
>> Thanks
>> Tony

More information about the security-dev mailing list