Thursday, April 24, 2014

the crazy story of securerandom.source=file:/dev/./urandom

More or less everybody knows that if SSL encryption operations are slow, the culprit must be /dev/random as the source of entropy, and that you can replace it with /dev/urandom.

Everybody knows that you can do this in 2 equivalent ways:

  • either you enter securerandom.source=file:/dev/urandom in $JAVA_HOME/jre/lib/security/

  • or you start the JVM with the argument

What is really striking is that, although this value might already be set by default on Windows, on Linux systems one should actually set the value to "/dev/./urandom"; otherwise, APPARENTLY, Java does not actually accept the setting and defaults again to /dev/random.

How it is that in 2014 we still have to take care of these things manually is a mystery. And whether this is actually true is another mystery.

Apparently this is intended and not a bug; however, it's disheartening. See also Oracle Doc "Long Delay During Startup of SOA Managed Server (Doc ID 1336411.1)" and
However, it says "Note that this workaround should not be used in production environments because it uses pseudo-random numbers instead of genuine random numbers."
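
To check on a given machine whether the setting was picked up and whether seeding still stalls, here is a small diagnostic, added as an example and not part of the original post. The class name SeedSourceCheck and the SLOW_MS threshold are constructed for illustration, and java.security.egd is assumed to be the system property the JVM argument above refers to.

```java
import java.security.SecureRandom;
import java.security.Security;

public class SeedSourceCheck {
    // Constructed threshold: a seed read slower than this is reported as a stall.
    static final long SLOW_MS = 500;

    public static void main(String[] args) {
        // Value from the java.security file (the property the post edits).
        String fileProp = Security.getProperty("securerandom.source");
        // Command-line override, if the JVM was started with -Djava.security.egd=...
        // (assumption: this is the argument the post means).
        String egd = System.getProperty("java.security.egd");
        // The system property, when set and non-empty, takes precedence.
        String configured = (egd != null && !egd.isEmpty()) ? egd : fileProp;

        System.out.println("securerandom.source = " + fileProp);
        System.out.println("java.security.egd   = " + egd);
        System.out.println("configured source   = " + configured);

        SecureRandom sr = new SecureRandom();
        System.out.println("default algorithm   = " + sr.getAlgorithm()
                + " (" + sr.getProvider().getName() + ")");

        // generateSeed() pulls bytes from the seed source. Repeat it so that a
        // drained entropy pool has a chance to show up as a long pause.
        long worst = 0;
        for (int i = 0; i < 20; i++) {
            long t0 = System.nanoTime();
            sr.generateSeed(32);
            long ms = (System.nanoTime() - t0) / 1_000_000;
            worst = Math.max(worst, ms);
        }
        System.out.println("slowest generateSeed(32) = " + worst + " ms");
        System.out.println(worst > SLOW_MS
                ? "seeding stalled: consistent with a blocking source such as /dev/random"
                : "no stall observed with this configuration");
    }
}
```

Run it once with file:/dev/urandom and once with file:/dev/./urandom on the same host and JDK, and compare the reported algorithm and the slowest seed time.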
