[
https://issues.apache.org/jira/browse/SOLR-5776?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13969078#comment-13969078
]
Hoss Man commented on SOLR-5776:
--------------------------------
bq. Supposedly, java.security.egd is the system property that overrides
securerandom.source.
Hmmm, yeah ....
I just spent a bit of time reading this:
http://moi.vonos.net/java/securerandom/ before i realized that apparently i
died and am now in hell. If, for the sake of argument, we assume i'm wrong --
that i really am alive, and this is not hell -- then from what i can tell:
* The only way to guarantee that arbitrary code using a SecureRandom (maybe
just calling "new" maybe calling "generateSeed" - who knows it's arbitrary and
out of our control) won't block indefinitely is to ensure that we are using the
SHA1PRNG algorithm with ThreadedSeedGenerator
* the way to ensure that you get the SHA1PRNG algorithm with
ThreadedSeedGenerator is to ensure that the effective value of
"securerandom.source" is unset.
* "securerandom.source" is explicitly configured in the "java.security" file
that ships with the JRE/JDK
* the "java.security.egd" system property can be used at runtime to
_override_ the "securerandom.source" value configured in "java.security"
* it is apparently not possible to _unset_ the value of "securerandom.source"
just by using a system property - not even using -Djava.security.egd="" (which
seems to just be ignored and you still get "NativePRNG")
One thing i didn't see discussed in that article is what happens if you use:
-Djava.security.egd="/bogus/file/that/does/not/exist" -- that clearly triggers
the use of SHA1PRNG, but it's not clear what happens when the URLSeedGenerator
can't open the file.
My gut tells me that it may then be defaulting to the (guaranteed to never
block) ThreadedSeedGenerator because it definitely behaves differently on my
machine using the code below -- in particular, it's a bit slow to seed, and I
theorize it's because it's running the ThreadedSeedGenerator (but i can't
figure out how to ask the SecureRandom and/or Provider which SeedGenerator is
in use)...
{code}
import java.security.SecureRandom;

public final class Random {
  public static final void main(String[] args) {
    // Create ten instances and print algorithm, provider and one value for each
    for (int i = 0; i < 10; i++) {
      SecureRandom r = new SecureRandom();
      System.out.println(r.getAlgorithm() + "::" + r.getProvider().toString()
                         + "::" + r.nextInt());
    }
  }
}
{code}
{noformat}
hossman@frisbee:~/tmp$ javac Random.java && java -Djava.security.egd="" Random
NativePRNG::SUN version 1.7::-197797452
...
hossman@frisbee:~/tmp$ javac Random.java && java -Djava.security.egd="/does/not/exist" Random
SHA1PRNG::SUN version 1.7::-926688095
...
{noformat}
> Look at speeding up using SSL with tests.
> -----------------------------------------
>
> Key: SOLR-5776
> URL: https://issues.apache.org/jira/browse/SOLR-5776
> Project: Solr
> Issue Type: Test
> Reporter: Mark Miller
> Assignee: Mark Miller
> Fix For: 4.9, 5.0
>
> Attachments: SOLR-5776.patch
>
>
> We have to disable SSL on a bunch of tests now because it appears to sometimes
> be ridiculously slow - especially in slow envs (I never see timeouts on my
> machine).
> I was talking to Robert about this, and he mentioned that there might be some
> settings we could change to speed it up.
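
An added diagnostic, not part of the original comment or of Solr's code: it prints the configured "securerandom.source" and any "java.security.egd" override, then seeds a SecureRandom on a daemon thread so that a blocked entropy read shows up as a timeout instead of a hang. The class name SeedSourceCheck and the 10 second deadline are assumptions made for this example, and it needs Java 8 or later.

```java
import java.security.SecureRandom;
import java.security.Security;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

// Added example (hypothetical class name): shows which seed-source settings are
// in effect and whether seeding completes within a deadline.
public final class SeedSourceCheck {

    // Deadline chosen for illustration only.
    private static final long TIMEOUT_SECONDS = 10;

    public static void main(String[] args) throws Exception {
        // Security property, as configured in the JRE's java.security file.
        System.out.println("securerandom.source = "
                + Security.getProperty("securerandom.source"));
        // Runtime override; null when -Djava.security.egd was not passed.
        System.out.println("java.security.egd   = "
                + System.getProperty("java.security.egd"));

        ExecutorService pool = Executors.newSingleThreadExecutor(task -> {
            Thread t = new Thread(task, "seed-probe");
            t.setDaemon(true); // a blocked read must not keep the JVM alive
            return t;
        });

        long start = System.nanoTime();
        Future<String> probe = pool.submit(() -> {
            SecureRandom r = new SecureRandom();
            r.nextInt();       // first output makes the instance seed itself
            r.generateSeed(8); // requests seed bytes from the seed source
            return r.getAlgorithm() + "::" + r.getProvider();
        });

        try {
            String result = probe.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
            long ms = TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - start);
            System.out.println(result + " seeded in " + ms + " ms");
        } catch (TimeoutException e) {
            System.out.println("seeding still blocked after " + TIMEOUT_SECONDS + " s");
            System.exit(1);
        } finally {
            pool.shutdownNow();
        }
    }
}
```

Running it once with no flags and once with each -Djava.security.egd value under test gives a side-by-side view of algorithm, provider and seeding time for each setting.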