On 03/10/2014 20:41, Rainer Jung wrote:
On 03.10.2014 at 14:01, Christopher Schultz wrote:
Martin,
On 10/3/14 5:48 AM, Martin Hamant wrote:
On 03/10/2014 11:26, Martin Hamant wrote:
The virtual (qemu) server runs with 4GB RAM
Sorry, the hypervisor is KVM. The VM is running on top of OpenStack.
So... This could lead somewhere as I am reading
http://blog.dustinkirkland.com/2012/10/entropy-or-lack-thereof-in-openstack.html
OpenStack or not, running on a VM usually means that the underlying OS
is providing the source of entropy. If your physical machine is
heavily virtualized, you may have multiple entropy sinks constantly
draining your source(s) of entropy.
If you wait for a while, things will recover. If you find you are
constantly blocking waiting for more randomness to be available from
your random source, you basically have 3 options:
1. Suffer through it. Just keep waiting.
2. Use a poor source of randomness, like /dev/urandom on Linux.
   I wouldn't recommend this for any kind of production deployment,
   since the entropy source is "watered-down". You can't rely on it
   for important things like encryption (including SSL) and really
   anything that requires random numbers that are as random as
   possible (like session ids).
3. Get yourself a hardware entropy source. You can buy USB keys that
   do this kind of thing. Make sure whatever you get is compatible
   with your OS and accessible by Java (better yet, get one that will
   simply dump its randomness into /dev/random).
... and in case you are heading for the urandom solution and are using
a JDK before 8, you should use e.g.
Thanks both of you for your help.
-Djava.security.egd=file:/dev//urandom
and *not*
-Djava.security.egd=file:/dev/urandom
And what about using haveged (so no need to alter setenv.sh) in the VM
vs. using /dev/urandom?
I read about it here
http://security.stackexchange.com/questions/34523/is-it-appropriate-to-use-haveged-as-a-source-of-entropy-on-virtual-machines
The small C program returns values between 20-30 in my VM, but as
specified it doesn't guarantee anything...
- Waiting 10 min for a Tomcat to start is a pain
- Getting a USB hardware device for that is like walking on head.
So... I consider using haveged or urandom.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
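
Added example, not part of the thread or of Tomcat: a small shell check for the java.security.egd advice quoted above, which classifies the setting found in a JVM option string (such as the one placed in setenv.sh) for a given JDK major version. The function name egd_check, its result labels, the sample option string and the /dev/./urandom spelling are assumptions made for illustration.

```shell
#!/bin/sh
# Usage: egd_check "<jvm options>" <jdk major version>
# Prints one of: unset, literal-urandom-pre8, urandom, random, other
egd_check() {
    opts=$1
    jdk_major=$2
    egd=""
    # Walk the whitespace-separated options; this sketch keeps the last
    # -Djava.security.egd=... it sees.
    for opt in $opts; do
        case $opt in
            -Djava.security.egd=*) egd=${opt#-Djava.security.egd=} ;;
        esac
    done
    if [ -z "$egd" ]; then
        echo "unset"        # nothing configured: JVM default entropy source
        return 0
    fi
    case $egd in
        file:/dev/urandom)
            # The literal form the thread says *not* to use on a JDK before 8.
            if [ "$jdk_major" -lt 8 ]; then
                echo "literal-urandom-pre8"
            else
                echo "urandom"
            fi ;;
        file:/dev//urandom|file:/dev/./urandom)
            # /dev//urandom is the form given in the thread; /dev/./urandom is
            # another spelling of the same path (assumption, not from the thread).
            echo "urandom" ;;
        file:/dev/random)
            echo "random" ;;
        *)
            echo "other" ;;
    esac
}

# Constructed sample: an option string as it might be set in setenv.sh.
SAMPLE_OPTS="-Xmx1g -Djava.security.egd=file:/dev/urandom"
egd_check "$SAMPLE_OPTS" 7
```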