Hi Roger,
I see the 8060435 bug already talks about that possible solution too.
I agree with Paul that a public static method on SecureRandom would be
better for JDK9. Or maybe even some new class in java.util, which would
implement just the interface to native /dev/urandom on Unixes and MSCAPI
on Windows (without any SHA1 mixing or such) and make java security
SeedGenerator depend on that rather than the other way around (where
TLR/SplittableRandom depend on java security). I think this is better
from modularization standpoint too.
In case of a new java.util class (what about a method on
java.lang.System?) the code (together with native part on Windows) could
just be copied from (Native)SeedGenerator where it is already tried and
tested. Then NativeSeedGenerator would just become a facade for invoking
java.util/java.lang.System method.
Regards, Peter
On 11/26/2014 12:15 AM, Peter Levart wrote:
On 11/24/2014 09:46 PM, roger riggs wrote:
Hi,
This topic has languished for a bit and could use a bit of expertise
from
Windows developers.
The improvements in entropy for initializing Secure Random in JDK 8 have
some negative attributes that affect maintainability, robustness and
performance[1].
The dependency on networking, can in some OS's and configurations lead
to increased startup times and issues with bootstrapping the Java
runtime.
Martin has proposed[2] an alternative for Linux based on /dev/urandom
with a fallback to a simpler algorithm if /dev/urandom is not available.
Since /dev/urandom is not native to Windows, it seems prudent to
identify
a corresponding source of entropy data.
What are the recommended ways on Windows to get seeds for random?
Please suggest one or more ways to initialize SecureRandom
Hi Roger,
Do you mean SecureRandom or ThreadLocalRandom/SplittbleRandom, since
the 8060435 talks about the later two ?
As Bernd identified, the Windows equivalent to /dev/urandom is MSCAPI.
5 months ago I made an attempt to expose a part of contained internal
java security API to get access to /dev/urandom based and MSCAPI based
seed generators. Here's the thread with the discussion:
http://mail.openjdk.java.net/pipermail/core-libs-dev/2014-June/027256.html
The minimal patch was the following:
http://cr.openjdk.java.net/~plevart/jdk9-dev/TLR_SR_SeedGenerator/webrev.01/
Regards, Peter
Thanks, Roger
p.s. Sorry to be covering old ground but I don't have all the context.
[1] 8060435 SecureRandom initialization latency on Windows
https://bugs.openjdk.java.net/browse/JDK-8060435
[2]
http://cr.openjdk.java.net/~martin/webrevs/openjdk9/ThreadLocalRandom-system-entropy/
