Thursday, August 18, 2011

NON-BLOCKING java entropy configuration

Today these lines caught my attention in the WebLogic managed server (MS) log:

####<17-Aug-2011 22:53:41 o'clock BST> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1313618021317> "securerandom.source= file:/dev/urandom"; Blocking Config= false; JDK version= 1.6.0_22; Operating System= Windows 7.>
####<17-Aug-2011 22:53:41 o'clock BST> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1313618021319> <Detected NON-BLOCKING java entropy configuration. This setting will provide the best performance on machines with few sources of entropy, but is less secure than a blocking entropy configuration.>


Random number generation, which the encryption framework depends on, can be a source of slowness in WebLogic startup (see http://www.itonguard.com/20090313/weblogic-starts-slow/), so it's better to keep an eye on this setting.

See here: http://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/JAASRefGuide.html#AppendixA

"# The entropy gathering device is described as a URL and can
# also be specified with the property "java.security.egd". For example,
# -Djava.security.egd=file:/dev/urandom
# Specifying this property will override the securerandom.source setting."
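
To see which source a given JVM actually ends up with, the following added example (not from the original post and not WebLogic's own code) applies the override rule quoted above and times one seed request. The class name `EntropySourceCheck` and the rule "a source naming urandom counts as non-blocking" are assumptions of this example.

```java
import java.security.SecureRandom;
import java.security.Security;
import java.util.Locale;

// Added example: reports the entropy source this JVM is configured to use.
public class EntropySourceCheck {

    // java.security.egd (a -D system property) overrides securerandom.source
    // from the java.security file, as the quoted comment states.
    static String effectiveSource(String egdProperty, String securityProperty) {
        if (egdProperty != null && !egdProperty.trim().isEmpty()) {
            return egdProperty.trim();
        }
        return securityProperty == null ? "" : securityProperty.trim();
    }

    // Assumption of this example (not WebLogic's logic): a source that names
    // "urandom" is classified as non-blocking; anything else as blocking.
    static boolean isNonBlocking(String source) {
        return source.toLowerCase(Locale.ROOT).contains("urandom");
    }

    public static void main(String[] args) {
        String egd = System.getProperty("java.security.egd");
        String src = Security.getProperty("securerandom.source");
        String effective = effectiveSource(egd, src);

        System.out.println("java.security.egd   = " + egd);
        System.out.println("securerandom.source = " + src);
        System.out.println("effective source    = " + effective);
        System.out.println("non-blocking        = " + isNonBlocking(effective));

        // Time one seed request: with a blocking source and little entropy
        // available, this call is where the startup delay shows up.
        long start = System.nanoTime();
        byte[] seed = new SecureRandom().generateSeed(16);
        long elapsedMs = (System.nanoTime() - start) / 1000000L;
        System.out.println("generateSeed(" + seed.length + ") took "
                + elapsedMs + " ms");
    }
}
```

Run it with the same JVM and the same `-D` options as the server, for example `java -Djava.security.egd=file:/dev/urandom EntropySourceCheck`, so the result reflects the server's configuration rather than the JDK default.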



See also this post of mine (I am getting old, I keep repeating the same stuff over and over!)


