-
Enhancement
-
Resolution: Unresolved
-
P3
-
None
-
9
-
None
In JDK 8 ThreadLocalRandom (and SplittableRandom) by default computes an initial seed to the PRNG using the mac address obtained via NetworkInterface.getNetworkInterfaces(). This unfortunately can result in high very initialization costs on certain platforms (Windows) which in turn can propagate to other classes such as ConcurrentSkipList*.
The fix forJDK-8066397 will remove the network code and by default compute a seed using the current system time.
It would be useful to enhance the seed generating functionality in the JDK to compute seed bytes of reasonable cryptographic strength for the underlying platform that:
1) has a very low initialization cost; and
2) can be used by ThreadLocalRandom and SplittableRandom as the default.
One possible solution is to add a new public static method SecureRandom.getSystemSeed() (as proposed in the comments) in JDK 9. Ideally this functionality could be back-ported as a private interface in 8u60 (which will unfortunately result in a deviation of ThreadLocalRandom in JDK 8u60 and the version in the 166 repository.)
The fix for
It would be useful to enhance the seed generating functionality in the JDK to compute seed bytes of reasonable cryptographic strength for the underlying platform that:
1) has a very low initialization cost; and
2) can be used by ThreadLocalRandom and SplittableRandom as the default.
One possible solution is to add a new public static method SecureRandom.getSystemSeed() (as proposed in the comments) in JDK 9. Ideally this functionality could be back-ported as a private interface in 8u60 (which will unfortunately result in a deviation of ThreadLocalRandom in JDK 8u60 and the version in the 166 repository.)
- relates to
-
JDK-8047769 SecureRandom should be more frugal with file descriptors
-
- Resolved
-
-
-
- Closed
-