On Mon, 5 Sep 2022 18:52:21 GMT, Weijun Wang <[email protected]> wrote:
>> test/jdk/sun/security/tools/jarsigner/compatibility/Compatibility.java line
>> 1044:
>>
>>> 1042: } else {
>>> 1043: cmd = new String[args.length + 4];
>>> 1044: cmd[3] = "-J-Djava.security.egd=file:/dev/./urandom";
>>
>> IIRC, this is a workaround for an old issue which no longer applies after
>> JDK-6425477. By default NativePRNG generates from /dev/urandom, only
>> grabbing seed data from /dev/random.
>>
>> I believe the egd workaround can be completely removed unless there's
>> something that asks for NativePRNGBlocking.
>
> I remember the major problem was the auto-seeding before the first
> `nextBytes` is called, and it could read `/dev/random`. Not sure it's for
> SHA1PRNG or NativeRandom.
SHA1PRNG, which is no longer the default on Linux. But some apps are still
asking for SHA1PRNG instead of using the default NativePRNG on Linux.
-------------
PR: https://git.openjdk.org/jdk/pull/10160
