[JDK-6202721] SHA1PRNG reads from /dev/random even if /dev/urandom selected - Java Bug System

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: P4
Resolution: Not an Issue
Affects Version/s: 5.0, 5.0u6, 5.0u11, 6, 6u13
Fix Version/s: None
Component/s: security-libs
Labels:
- jdcinclude
- licbug
- webbug

Subcomponent:
java.security
CPU:

generic, x86
OS:

generic, linux

Description

If you do

import java.security.SecureRandom;
class JRand {
  public static void main(String args[]) throws Exception {
    System.out.println("Ok: " +
      SecureRandom.getInstance("SHA1PRNG").nextLong());
  }
}

then SecureRandom will read from /dev/random even if securerandom.source is configured to use /dev/urandom. This is a problem if /dev/urandom was chosen because /dev/random is not working properly.

The root cause is that 4705093 assigned special meaning to the string "/dev/urandom".

Attachments

Issue Links

duplicates

JDK-6708214 java.security.SecureRandom.nextBytes() takes a long time.

Closed

JDK-6366924 REGRESSION: securerandom.source and/or java.security.egd dont work in 1.5.0_05

Closed

JDK-6850614 PKCS12 Keystore.store blocks if using NativePRNG, it doesn't follow securerandom.source

Closed

relates to

JDK-6521844 SecureRandom hangs on Linux Systems

Closed

Activity

People

Assignee:: Andreas Sterbenz

Reporter:: Andreas Sterbenz

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2004-12-01 14:30

Updated:: 2013-04-11 20:39

Resolved:: 2006-11-27 16:25

Imported:: 16/Sep/12 2:12 AM

Indexed:: 17/Jul/12 10:15 PM