On 11/24/2014 09:46 PM, roger riggs wrote:
Hi,
This topic has languished for a bit and could use a bit of expertise from
Windows developers.
The improvements in entropy for initializing Secure Random in JDK 8 have
some negative attributes that affect maintainability, robustness and
performance[1].
The dependency on networking, can in some OS's and configurations lead
to increased startup times and issues with bootstrapping the Java
runtime.
Martin has proposed[2] an alternative for Linux based on /dev/urandom
with a fallback to a simpler algorithm if /dev/urandom is not available.
Since /dev/urandom is not native to Windows, it seems prudent to identify
a corresponding source of entropy data.
What are the recommended ways on Windows to get seeds for random?
Please suggest one or more ways to initialize SecureRandom
Hi Roger,
Do you mean SecureRandom or ThreadLocalRandom/SplittbleRandom, since the
8060435 talks about the later two ?
As Bernd identified, the Windows equivalent to /dev/urandom is MSCAPI.
5 months ago I made an attempt to expose a part of contained internal
java security API to get access to /dev/urandom based and MSCAPI based
seed generators. Here's the thread with the discussion:
http://mail.openjdk.java.net/pipermail/core-libs-dev/2014-June/027256.html
The minimal patch was the following:
http://cr.openjdk.java.net/~plevart/jdk9-dev/TLR_SR_SeedGenerator/webrev.01/
Regards, Peter
Thanks, Roger
p.s. Sorry to be covering old ground but I don't have all the context.
[1] 8060435 SecureRandom initialization latency on Windows
https://bugs.openjdk.java.net/browse/JDK-8060435
[2]
http://cr.openjdk.java.net/~martin/webrevs/openjdk9/ThreadLocalRandom-system-entropy/
