RFR: 8293326: jdk/sun/security/tools/jarsigner/compatibility/SignTwice.java slow on Windows
Bradford Wetmore
wetmore at openjdk.org
Tue Sep 6 01:28:43 UTC 2022
On Mon, 5 Sep 2022 18:52:21 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> test/jdk/sun/security/tools/jarsigner/compatibility/Compatibility.java line 1044:
>>
>>> 1042: } else {
>>> 1043: cmd = new String[args.length + 4];
>>> 1044: cmd[3] = "-J-Djava.security.egd=file:/dev/./urandom";
>>
>> IIRC, this is a workaround for an old issue which no longer applies after JDK-6425477. By default NativePRNG generates from /dev/urandom, only grabbing seed data from /dev/random.
>>
>> I believe the egd workaround can be completely removed unless there's something that asks for NativePRNGBlocking.
>
> I remember the major problem was the auto-seeding before the first `nextBytes` is called, and it could read `/dev/random`. Not sure it's for SHA1PRNG or NativeRandom.
SHA1PRNG, which is no longer the default on Linux. But some apps are still asking for SHA1PRNG instead of using the default NativePRNG on Linux.
-------------
PR: https://git.openjdk.org/jdk/pull/10160
More information about the security-dev
mailing list