Hi all, I noticed slow (extremely slow, actually: something like 30seconds) startup of the Form Authentication Handler [1]. Tracking this down I found, that the SecureRandom implementation uses /dev/random which may block indefinitely to gather enough entropy to ensure secure random byte stream.
Now, a local quick hack solution is to create a symbolic link from /dev/urandom to /dev/random. But I don't think this is the right solution in the long run -- and I doubt this is a viable solution on a server system. I wonder, whether we really new SecureRandom here or whether java.util.Random would just be random enough ? Do others have experience with this ? (ah, Sun has a whole range of bugs for this /dev/random issue) Regards Felix [1] https://issues.apache.org/jira/browse/SLING-1729
