On Aug 18, 2011, at 1:06 AM, Shawn Jiang wrote: > This could increase the linux start up speed significantly. Does anyone > know is it safe to add "-Djava.security.egd=file:/dev/./urandom" to our > startup script directly. > > Don't know if it will break something on other linux/unix platforms.
IIRC, some unix variants don't have a /dev/urandom. I don't think these environments are very popular. I would expect these environments would have fairly obvious failures and could be diagnosed, fairly easily. I suppose that there is some possibility that urandom will generate a less secure seed for the SSL server socket. I've never heard of any concerns about this, but that doesn't mean it doesn't exist. This is a long standing problem. And Java has not chosen to do anything about it. I know some servers have used a similar approach. Others, e.g. Tomcat, have left it up to users/admins. Given the number of times we bump into this issue, I'd say that setting "-Djava.security.egd=file:/dev/./urandom" is likely to do more good than harm. --kevan