On 10 Apr, Bojan Smojver wrote:
> [EMAIL PROTECTED] wrote:
>
>> The patch allows systems that have /dev/random to use it instead of
>> the slower Random. Instead of checking for OS==linux ( as in
>> submitted patch ) we use an option of the module.
>
> Cool.
>
>> The code if the option "useDevRandom" is not set is the same as
>> before. If you set useDevRandom="true" then /dev/random will be
>> used.
>
> Very cool. Where do I whack this option? server.xml? I know it must be
> a silly question to ask on Tomcat Dev list... :-)
>
>> ( Bojan - please review and let me know if it is not what you
>> intended, I'm not sure if the /dev/random needs to be closed/open
>> all the time )
>
> I don't think it needs to be opened/closed all the time. Honestly I
> can't say for sure. There must be some true Linux experts out there
> that can enlighten us on that one. My knowledge is limited to the
> manual page
> (man 4 random) where this file is explained as giving secure random
> numbers. If 'entropy pool' is empty, /dev/random will block until this
> pool is filled (ie. until there are events in the kernel that can fill
> the pool again). The pool gets filled by the 'noise' produced by
> drivers and other kernel sources. Whether opening and closing of the
> stream makes a difference, I really couldn't say, but it seem to me
> that it shouldn't (except for the fact that code execution itself
> might fill the pool).
>
> From Tomcat's perspective it's really better to keep it open. It's going
> to run faster. I'm guessing all open streams get closed when Tomcat is
> shut down anyway, so that's fine.
>
> And thanks for acting so quickly on this!
>
> Bojan
Given that Tomcat should run for days or weeks at a time, I don't think
you want to keep /dev/random open. There may be other processes that also
need random data during that time.
=eas=
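
The open-once approach discussed in this thread, as an added example that is not part of the original messages and not Tomcat's own code: a byte source that reads the device through one long-lived stream when a `useDevRandom`-style flag is set and falls back to `SecureRandom` otherwise. The class name `SessionIdSource`, its constructor parameters and `nextBytes` are hypothetical; an open descriptor by itself draws nothing from the kernel pool, only the reads do.

```java
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.SecureRandom;

/** Hypothetical session-id byte source (illustration only, not Tomcat's class). */
public class SessionIdSource implements AutoCloseable {
    private final SecureRandom fallback = new SecureRandom();
    private DataInputStream dev;   // opened once, reused for every id

    public SessionIdSource(boolean useDevRandom, String devicePath) {
        if (useDevRandom) {
            try {
                dev = new DataInputStream(new FileInputStream(devicePath));
            } catch (IOException e) {
                dev = null;        // device missing or unreadable: use SecureRandom
            }
        }
    }

    /** Returns n random bytes. Reading /dev/random may block while the
     *  entropy pool is empty; holding the stream open does not drain it. */
    public synchronized byte[] nextBytes(int n) {
        byte[] out = new byte[n];
        if (dev != null) {
            try {
                dev.readFully(out);    // loops over short reads until n bytes arrive
                return out;
            } catch (IOException e) {
                close();               // stop using a failing device
            }
        }
        fallback.nextBytes(out);
        return out;
    }

    @Override
    public synchronized void close() {
        if (dev != null) {
            try { dev.close(); } catch (IOException ignored) { }
            dev = null;
        }
    }

    public static void main(String[] args) {
        // Constructed usage: one 16-byte id, printed as hex.
        try (SessionIdSource src = new SessionIdSource(true, "/dev/random")) {
            StringBuilder hex = new StringBuilder();
            for (byte b : src.nextBytes(16)) hex.append(String.format("%02x", b));
            System.out.println(hex);
        }
    }
}
```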