Details
-
Type:
Bug
-
Status: Closed
-
Priority:
P4
-
Resolution: Not an Issue
-
Affects Version/s: 5.0, 5.0u6, 5.0u11, 6, 6u13
-
Fix Version/s: None
-
Component/s: security-libs
-
Labels:
-
Subcomponent:
-
CPU:generic, x86
-
OS:generic, linux
Description
If you do
import java.security.SecureRandom;
class JRand {
public static void main(String args[]) throws Exception {
System.out.println("Ok: " +
SecureRandom.getInstance("SHA1PRNG").nextLong());
}
}
then SecureRandom will read from /dev/random even if securerandom.source is configured to use /dev/urandom. This is a problem if /dev/urandom was chosen because /dev/random is not working properly.
The root cause is that 4705093 assigned special meaning to the string "/dev/urandom".
import java.security.SecureRandom;
class JRand {
public static void main(String args[]) throws Exception {
System.out.println("Ok: " +
SecureRandom.getInstance("SHA1PRNG").nextLong());
}
}
then SecureRandom will read from /dev/random even if securerandom.source is configured to use /dev/urandom. This is a problem if /dev/urandom was chosen because /dev/random is not working properly.
The root cause is that 4705093 assigned special meaning to the string "/dev/urandom".
Attachments
Issue Links
- duplicates
-
JDK-6708214 java.security.SecureRandom.nextBytes() takes a long time.
-
- Closed
-
-
JDK-6366924 REGRESSION: securerandom.source and/or java.security.egd dont work in 1.5.0_05
-
- Closed
-
-
JDK-6850614 PKCS12 Keystore.store blocks if using NativePRNG, it doesn't follow securerandom.source
-
- Closed
-
- relates to
-
JDK-6521844 SecureRandom hangs on Linux Systems
-
- Closed
-