<div dir="ltr"><div>I support Peter at al's plan to add an API that ThreadLocalRandom et al can use to get some system entropy without unbounded class dependency loading.</div><div><br></div>It should not surprise anyone that at Google, we are most interested in running on Linux, so while we're waiting for a proper fix to happen we are locally applying a simpler patch that tries explicitly /dev/urandom, falling back to SecureRandom if necessary:<div>
<br></div><div><a href="http://cr.openjdk.java.net/~martin/webrevs/openjdk9/ThreadLocalRandom-system-entropy/">http://cr.openjdk.java.net/~martin/webrevs/openjdk9/ThreadLocalRandom-system-entropy/</a><br></div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Mon, Jul 14, 2014 at 1:54 PM, Bernd <span dir="ltr"><<a href="mailto:ecki@zusammenkunft.net" target="_blank">ecki@zusammenkunft.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<p dir="ltr">SecureRandom is unfortunatelly pretty complex. It is interpreting the seed url in some way (the configuration you mentioned behave very special since Java 6) , it is mixing seed and continues data and it reorders the implementations used. </p>
<p dir="ltr">JEP 123 intended to clear things, but getInstanceStrong() (which nobody uses?!) did not improve things IMHO.</p><span class="HOEnZb"><font color="#888888">
<p dir="ltr">Bernd</p>
</font></span><p dir="ltr">PS: I think the webrev changed since then, but the mail from Brad describes the problem well: <a href="http://mail.openjdk.java.net/pipermail/security-dev/2013-January/006288.html" target="_blank">http://mail.openjdk.java.net/pipermail/security-dev/2013-January/006288.html</a></p>
<div class="gmail_quote">Am 14.07.2014 21:05 schrieb "Oleksandr Otenko" <<a href="mailto:oleksandr.otenko@oracle.com" target="_blank">oleksandr.otenko@oracle.com</a>>:<div><div class="h5"><br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Can someone summarize what happened?<br>
<br>
SecureRandom used to get entropy from /dev/random, which is
configurable through a policy file to /dev/urandom. Has this
changed?<br>
<br>
Alex<br>
<br>
<div>On 12/07/2014 00:33, Martin Buchholz
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_extra">Thanks to Peter for digging into the
secure seed generator classes and coming up with a patch.
Openjdk security folks, please review. I confess to getting
lost whenever I try to orient myself in the twisty maze of
seed generator implementation files.</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">Anyways, it seems important to have
prngs like ThreadLocalRandom be able to get a few bits of seed
entropy without loading hundreds of classes and without
occupying any file descriptors permanently. Perhaps at Google
we will go back to writing some simple non-portable startup
code to read /dev/urandom until openjdk security team comes up
with a more principled solution (but one that doesn't drag in
too much machinery).</div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
Concurrency-interest mailing list
<a href="mailto:Concurrency-interest@cs.oswego.edu" target="_blank">Concurrency-interest@cs.oswego.edu</a>
<a href="http://cs.oswego.edu/mailman/listinfo/concurrency-interest" target="_blank">http://cs.oswego.edu/mailman/listinfo/concurrency-interest</a>
</pre>
</blockquote>
<br>
</div>
</blockquote></div></div></div>
</blockquote></div><br></div>