-
Bug
-
Resolution: Duplicate
-
P3
-
None
-
5.0
-
x86
-
linux
FULL PRODUCT VERSION :
java version "1.5.0_05"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_05-b05)
Java HotSpot(TM) Client VM (build 1.5.0_05-b05, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Linux localhost 2.4.21-4.EL #1 Fri Oct 3 18:13:58 EDT 2003 i686 i686 i386 GNU/Linux
EXTRA RELEVANT SYSTEM CONFIGURATION :
default installation
A DESCRIPTION OF THE PROBLEM :
In previous JDK versions 1.4.x the effect of specifying
securerandom.source=file:/dev/urandom
or the system property -Djava.security.egd=file:/dev/urandom
would allow a Linux system with low entropy to run code that makes use of java.security.SecureRandom#generateSeed() calls to generate properly seeded instances of SecureRandom. This is no longer the case in J2SE 5.0. It appears that the internals always use /dev/random in addition or instead of the specified /dev/urandom. As a result applications that depend on this functionality appear to hang indefinitely during low mouse/keyboard activity times.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Execute the following code snippet in JDK 1.4.2 and JDK 1.5.0 with the command line option: -Djava.security.egd=file:/dev/urandom
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Process runs counting to 1000 and exits.
ACTUAL -
Process runs to completion very fast in JDK 1.4.2 running on Linux.
Process hangs when ran on JDK 1.5.0 and will slowly produce more output as keyboard and/or mouse activity produces entropy. Much like what happens on 1.4.2 with /dev/random.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
None, process hung waiting for entropy from /dev/random
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import java.security.SecureRandom;
public class Test {
public static void main(String args[]) throws Exception {
SecureRandom rnd = SecureRandom.getInstance("SHA1PRNG");
for (int i=0; i < 1000; i++) {
rnd.generateSeed(256);
System.out.println("Got " + i);
}
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
In Linux execute the following as root:
mv /dev/random /dev/random.real
ln -s /dev/urandom /dev/random
Release Regression From : 1.4.2
The above release value was the last known release where this
bug was known to work. Since then there has been a regression.
java version "1.5.0_05"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_05-b05)
Java HotSpot(TM) Client VM (build 1.5.0_05-b05, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Linux localhost 2.4.21-4.EL #1 Fri Oct 3 18:13:58 EDT 2003 i686 i686 i386 GNU/Linux
EXTRA RELEVANT SYSTEM CONFIGURATION :
default installation
A DESCRIPTION OF THE PROBLEM :
In previous JDK versions 1.4.x the effect of specifying
securerandom.source=file:/dev/urandom
or the system property -Djava.security.egd=file:/dev/urandom
would allow a Linux system with low entropy to run code that makes use of java.security.SecureRandom#generateSeed() calls to generate properly seeded instances of SecureRandom. This is no longer the case in J2SE 5.0. It appears that the internals always use /dev/random in addition or instead of the specified /dev/urandom. As a result applications that depend on this functionality appear to hang indefinitely during low mouse/keyboard activity times.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Execute the following code snippet in JDK 1.4.2 and JDK 1.5.0 with the command line option: -Djava.security.egd=file:/dev/urandom
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Process runs counting to 1000 and exits.
ACTUAL -
Process runs to completion very fast in JDK 1.4.2 running on Linux.
Process hangs when ran on JDK 1.5.0 and will slowly produce more output as keyboard and/or mouse activity produces entropy. Much like what happens on 1.4.2 with /dev/random.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
None, process hung waiting for entropy from /dev/random
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import java.security.SecureRandom;
public class Test {
public static void main(String args[]) throws Exception {
SecureRandom rnd = SecureRandom.getInstance("SHA1PRNG");
for (int i=0; i < 1000; i++) {
rnd.generateSeed(256);
System.out.println("Got " + i);
}
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
In Linux execute the following as root:
mv /dev/random /dev/random.real
ln -s /dev/urandom /dev/random
Release Regression From : 1.4.2
The above release value was the last known release where this
bug was known to work. Since then there has been a regression.
- duplicates
-
-
- Closed
-