Re: secureRandom... using [SHA1PRNG] ..took (up to) 20 minutes

2019-12-31 Thread Christopher Schultz

Markus,

On 12/30/19 05:27, i...@flyingfischer.ch wrote:
> apt-get install haveged
> update-rc.d haveged defaults
> 
> Increases entropy pool and therefore reduces start up time for
> Tomcat.

I would argue that haveged reduces your security because it makes
/dev/random (a supposedly-secure source of entropy) behave like
/dev/urandom which is supposed to be sufficiently-random yet not
secure for things like generating keys.

You should use the right tool for the right job: use /dev/random for
keys (and let it take 20 minutes if necessary) and /dev/urandom for
other uses.

-chris

> On 30.12.19 at 11:22, Rainer Jung wrote:
>> It depends a bit on the major Java version you are using, but
>> have a look at this page:
>> 
>> https://cwiki.apache.org/confluence/display/TOMCAT/HowTo+FasterStartUp#HowToFasterStartUp-EntropySource
>> 
>> Regards,
>> 
>> Rainer
>> 
>> On 30.12.2019 at 05:01, Vince Stewart wrote:
>>> I started recently using my java app with embedded Tomcat /
>>> 8.0.28 on a debian VPS (DigitalOcean).
>>> 
>>> Unfortunately, it can take up to 20 minutes to launch into
>>> action from the time you start execution. The issue relates to
>>> "Creation of SecureRandom instance ... using SHA1PRNG".
>>> Slowness has been described and explained in Stackoverflow.
>>> 
>>> My tomcat has otherwise been so reliable that I have had no 
>>> motivation to keep it upgraded.  Can anyone advise if some
>>> change will apply if I upgrade to the latest version 8.
>>> 
>>> Otherwise, is there a configuration change I could employ.
>>> 
>>> Many thanks,

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: secureRandom... using [SHA1PRNG] ..took (up to) 20 minutes

2019-12-30 Thread i...@flyingfischer.ch
apt-get install haveged
update-rc.d haveged defaults

Increases entropy pool and therefore reduces start up time for Tomcat.

Markus


On 30.12.19 at 11:22, Rainer Jung wrote:
> It depends a bit on the major Java version you are using, but have a
> look at this page:
>
> https://cwiki.apache.org/confluence/display/TOMCAT/HowTo+FasterStartUp#HowToFasterStartUp-EntropySource
>
>
> Regards,
>
> Rainer
>
> On 30.12.2019 at 05:01, Vince Stewart wrote:
>> I started recently using my java app with embedded Tomcat / 8.0.28 on a
>> debian VPS (DigitalOcean).
>>
>> Unfortunately, it can take up to 20 minutes to launch into action from the
>> time you start execution. The issue relates to "Creation of SecureRandom
>> instance ... using SHA1PRNG".  Slowness has been described and explained in
>> Stackoverflow.
>>
>> My tomcat has otherwise been so reliable that I have had no motivation to
>> keep it upgraded.  Can anyone advise if some change will apply if I upgrade
>> to the latest version 8.
>>
>> Otherwise, is there a configuration change I could employ.
>>
>> Many thanks,



Re: secureRandom... using [SHA1PRNG] ..took (up to) 20 minutes

2019-12-30 Thread Rainer Jung
It depends a bit on the major Java version you are using, but have a 
look at this page:


https://cwiki.apache.org/confluence/display/TOMCAT/HowTo+FasterStartUp#HowToFasterStartUp-EntropySource

Regards,

Rainer

On 30.12.2019 at 05:01, Vince Stewart wrote:

> I started recently using my java app with embedded Tomcat / 8.0.28 on a
> debian VPS (DigitalOcean).
>
> Unfortunately, it can take up to 20 minutes to launch into action from the
> time you start execution. The issue relates to "Creation of SecureRandom
> instance ... using SHA1PRNG".  Slowness has been described and explained in
> Stackoverflow.
>
> My tomcat has otherwise been so reliable that I have had no motivation to
> keep it upgraded.  Can anyone advise if some change will apply if I upgrade
> to the latest version 8.
>
> Otherwise, is there a configuration change I could employ.
>
> Many thanks,
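
Added example, not part of the original thread and not Tomcat code: a small stand-alone Java diagnostic to run on the affected host to confirm that the delay comes from SecureRandom seeding, and to see which entropy source the JVM is configured to use. The class name `SeedTiming` is hypothetical; `securerandom.source` and `java.security.egd` are standard JDK settings that the thread itself does not name, and on a host showing the problem the SHA1PRNG line may take as long to appear as the Tomcat startup did.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;

public class SeedTiming {
    // Time creation plus the first nextBytes() call. An unseeded SHA1PRNG
    // seeds itself on first use, which is where a blocking source stalls.
    static long firstUseMillis(String algorithm) throws NoSuchAlgorithmException {
        long start = System.nanoTime();
        SecureRandom sr = SecureRandom.getInstance(algorithm);
        sr.nextBytes(new byte[32]);
        return (System.nanoTime() - start) / 1_000_000;
    }

    public static void main(String[] args) throws Exception {
        // Settings that decide where the JVM takes its seed material from.
        System.out.println("java.version         = " + System.getProperty("java.version"));
        System.out.println("securerandom.source  = " + Security.getProperty("securerandom.source"));
        System.out.println("java.security.egd    = " + System.getProperty("java.security.egd"));

        // Linux only: the kernel's current entropy estimate, if exposed.
        Path avail = Paths.get("/proc/sys/kernel/random/entropy_avail");
        if (Files.isReadable(avail)) {
            String bits = new String(Files.readAllBytes(avail), StandardCharsets.US_ASCII).trim();
            System.out.println("kernel entropy_avail = " + bits + " bits");
        }

        // SHA1PRNG goes first: only the first seeding in a JVM pays the full cost.
        String[] algorithms = args.length > 0
                ? args
                : new String[] {"SHA1PRNG", "NativePRNGNonBlocking"};
        for (String alg : algorithms) {
            try {
                System.out.printf("%-21s first use took %d ms%n", alg, firstUseMillis(alg));
            } catch (NoSuchAlgorithmException e) {
                System.out.printf("%-21s not available on this JVM%n", alg);
            }
        }
    }
}
```

Run it with the same JVM and the same `-D` options that Tomcat is started with, so the reported settings match what the server sees.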

