JDK 8 seems to use /dev/urandom and /dev/random more sensibly
Summary of Behaviour: | |
A. OpenJDK 7 b65 (`java -version` in the transcript below reports 1.7.0_65).
1. Default in java.security is securerandom.source=/dev/urandom (written as file:/dev/urandom in the file).
2. If securerandom.source=/dev/urandom, NativePRNG is used: SecureRandom.nextBytes() is non-blocking and reads /dev/urandom; SecureRandom.generateSeed(x) is blocking and reads /dev/random.
3. If securerandom.source=/dev/random, SHA1PRNG is used. The initial seed is a blocking read from /dev/random. No other accesses.
4. If securerandom.source=/dev/./urandom, SHA1PRNG is used. The initial seed is a non-blocking read from /dev/./urandom. No other accesses.
B. Oracle JDK 8 b25 (`java -version` in the transcript below reports 1.8.0_25).
1. Default in java.security is securerandom.source=/dev/random (written as file:/dev/random in the file).
2. If securerandom.source=/dev/random, NativePRNG is used: SecureRandom.nextBytes() is non-blocking and reads /dev/urandom; SecureRandom.generateSeed(x) is blocking and reads /dev/random.
3. If securerandom.source=/dev/urandom, NativePRNG is used: SecureRandom.nextBytes() is non-blocking and reads /dev/urandom; SecureRandom.generateSeed(x) is non-blocking and reads /dev/urandom.
4. If securerandom.source=/dev/./urandom, SHA1PRNG is used. The initial seed is a non-blocking read from /dev/./urandom. No other accesses.
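NOTES from strace tests, looking at which file descriptors are read from.
(Apologies that these aren't super clear or necessarily complete -- I ran the tests out of order and collated them afterwards, so the PIDs and timestamps in adjacent excerpts do not always come from the same run.)
Both test programs use the default `new SecureRandom()` constructor, so the results describe the default algorithm selection on these two builds only.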
Test #1 - SecureRandom.nextBytes()
import java.security.*; | |
/**
 * Test #1: draws 1024 bytes through {@code nextBytes()} from a
 * default-constructed {@link SecureRandom}.
 *
 * The bytes are discarded. The program exists only so that the device reads
 * made by the JVM can be observed from outside; the notes run it under strace.
 */
public class SecureRandomTest {
    public static void main(String[] args) {
        // Default constructor: the provider/algorithm is whatever the JVM's
        // java.security configuration selects.
        final SecureRandom rng = new SecureRandom();
        final byte[] buffer = new byte[1024];
        rng.nextBytes(buffer);
    }
}
Test #2 - SecureRandom.generateSeed(20) | |
import java.security.*; | |
/**
 * Test #2: requests a 20-byte seed through {@code generateSeed()} from a
 * default-constructed {@link SecureRandom}.
 *
 * The seed is discarded. The program exists only so that the device reads
 * made by the JVM can be observed from outside; the notes run it under strace.
 */
public class SecureRandomTest2 {
    public static void main(String[] args) {
        // Default constructor: the provider/algorithm is whatever the JVM's
        // java.security configuration selects.
        final SecureRandom rng = new SecureRandom();
        final int seedLength = 20;
        rng.generateSeed(seedLength);
    }
}
root@ip-10-213-153-146:~# lsb_release -d | |
Description: Ubuntu 14.04.1 LTS | |
root@ip-10-213-153-146:~/jdk1.8.0_25# java -version | |
java version "1.8.0_25" | |
Java(TM) SE Runtime Environment (build 1.8.0_25-b17) | |
Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode) | |
root@ip-10-213-153-146:~/jdk1.8.0_25# cat jre/lib/security/java.security | grep source | |
# Sun Provider SecureRandom seed source. | |
# Select the primary source of seed data for the "SHA1PRNG" and | |
# specified by the "securerandom.source" Security property. If an | |
# "securerandom.source" Security property. | |
securerandom.source=file:/dev/random | |
root@ip-10-213-153-146:~/jdk1.8.0_25# javac SecureRandomTest.java | |
root@ip-10-213-153-146:~/jdk1.8.0_25# java -Djava.security.debug=provider SecureRandomTest | more | |
provider: NativePRNG egdUrl: file:/dev/random | |
provider: NativePRNG.MIXED seedFile: /dev/random nextFile: /dev/urandom | |
Provider: Set SUN provider property [SecureRandom.NativePRNG/sun.security.provider.NativePRNG] | |
Provider: Set SUN provider property [SecureRandom.SHA1PRNG/sun.security.provider.SecureRandom] | |
provider: NativePRNG.BLOCKING seedFile: /dev/random nextFile: /dev/random | |
Provider: Set SUN provider property [SecureRandom.NativePRNGBlocking/sun.security.provider.NativePRNG$Blocking] | |
provider: NativePRNG.NONBLOCKING seedFile: /dev/urandom nextFile: /dev/urandom | |
..snip.. | |
root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out | |
3347 03:28:23 access("/dev/random", R_OK) = 0 | |
3347 03:28:23 access("/dev/random", R_OK) = 0 | |
3347 03:28:23 access("/dev/urandom", R_OK) = 0 | |
3347 03:28:23 open("/dev/random", O_RDONLY) = 5 | |
3347 03:28:23 open("/dev/urandom", O_RDONLY) = 6 | |
3347 03:28:23 access("/dev/random", R_OK) = 0 | |
3347 03:28:23 access("/dev/random", R_OK) = 0 | |
3347 03:28:23 open("/dev/random", O_RDONLY) = 7 | |
3347 03:28:23 open("/dev/random", O_RDONLY) = 8 | |
3347 03:28:23 access("/dev/urandom", R_OK) = 0 | |
3347 03:28:23 access("/dev/urandom", R_OK) = 0 | |
3347 03:28:23 open("/dev/urandom", O_RDONLY) = 9 | |
3347 03:28:23 open("/dev/urandom", O_RDONLY) = 10 | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(5" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(6" srt.out | |
3347 03:28:23 read(6, "\253F\22{Qh;\262\356\3454\227\2716\316u\305\n\16x", 20) = 20 | |
3347 03:28:23 read(6, "W\7\323ae&\351w\254\327ER\276O\376\7;y6\6\375\3224\314\205\221\253V\34}s\332", 32) = 32 | |
3347 03:28:23 read(6, "\354\220i\251\246b;\370\331\230\251>\346x\305/;\v\21\357\373\250\216\16\340\20\203sDY\345\233", 32) = 32 | |
3347 03:28:23 read(6, "\342\23c\177B\200\5VpK\324\21\220?\230[\220\37\363\254\253\257\f\327\"\275\211p)\325\337@", 32) = 32 | |
3347 03:28:23 read(6, "\364ME\262b\264\342U\200R\261\252\f\t\274u{a\343\313\356\223?\5\315/\200\204p;\23*", 32) = 32 | |
3347 03:28:23 read(6, "Mm&\236\247\341=\221!\36\26\270{\262\345lW\355\215\352Fe\244\204H\354(Q\235\2\373\250", 32) = 32 | |
3347 03:28:23 read(6, "\253i\272\250\216\324\"\374elj\263\33)'\376\177\326\345\341@\2010\365\0052\317!\327\243&\v", 32) = 32 | |
3347 03:28:23 read(6, "\215\20o\372\204\360\303\262bo\256\200\210:\210\240U\376d\236\\\244|^\220}Q8X\211\"\6", 32) = 32 | |
3347 03:28:23 read(6, "\366\256\31\2\230V4\335\364\2231\332;\4\t\373\265Uq7\3313\227:\233|5h\334\344\232\212", 32) = 32 | |
3347 03:28:23 read(6, "\3N\0\2019l{\353)#>r\322M\215\1772\225HKd!\207\327U\365\35x\341\342\305\267", 32) = 32 | |
3347 03:28:23 read(6, "\236\327\232\363\20\335\227\255K\307\345=\237w\343@\302\221.\347\24\235\270\362@\343t\374\217%\272X", 32) = 32 | |
3347 03:28:23 read(6, "P\270\244I|G\1\250\232\361f\261P\204v}00\235\351\215\3308o\345\337}\207|\307\323o", 32) = 32 | |
3347 03:28:23 read(6, "\324\371\t\2G\267 \315% \221\274\275\253\372\333\6\230\237\320\305[\254\3675v\277\344\252\16\362\264", 32) = 32 | |
3347 03:28:23 read(6, "\303\202(f\225\220\273\314\326\200x\307#XN\362U\245w\3542\23\256,\253g&\205\263@\340C", 32) = 32 | |
3347 03:28:23 read(6, "p\31\3\344\362\254\26\34\330mf\244\r\264\252\335\0019\345\16\211\207\361~2\6\257\211\33+\30\265", 32) = 32 | |
3347 03:28:23 read(6, "+0\234\334\207\302\343p@\223\352Wyw5\320\264n\302\302N\4B\244\r\1\0-\33\235<\301", 32) = 32 | |
3347 03:28:23 read(6, "~\317\v\330\2376\24\37\255\365RA\3122\221\207\313\377\0071\257+\5\225Yf\240\221-$\363f", 32) = 32 | |
3347 03:28:23 read(6, "\3475\1\305:\233\355[\26\205{\312\354)txS\313\301\301\203\367\304\265\\\204d\354;Q\236\7", 32) = 32 | |
3347 03:28:23 read(6, "\3433\36\244T\tB\263J\304#\370\303\20\275pKM\272\234/\3\226%m\204Q\322\345\215\233\270", 32) = 32 | |
3347 03:28:23 read(6, "F\361\230e\206\226\254\337'\351S\250\252\357\317\5\35!\356R\27{\274H\357\302\311 \17F\275\350", 32) = 32 | |
3347 03:28:23 read(6, "\203tZp\275\r^\204nIE`\336S\26\20\366r\333Oy\276ib\237,\254\347nf\274r", 32) = 32 | |
3347 03:28:23 read(6, "\226\223]\363]'\23\222\343_r\200\"[\366\235\v~\347\311\346\rqf{`\245\220\322\200\322\244", 32) = 32 | |
3347 03:28:23 read(6, "\257\325]L0\305zA\224\201\233W\320\371\271\305I\17\344\202\v\24y\202\231s\313\266\240\246\376.", 32) = 32 | |
3347 03:28:23 read(6, "\222\343\2\226\23\270\347\210\204\5\355\300\255\356\3\21\22PX\273'\273\300\375SO*W\256\237Q\344", 32) = 32 | |
3347 03:28:23 read(6, "\23|\2332a\237\233\362f\"\217O\253\245\331\322\242\231\267`\263{\0\2214{\277\353U\r\6\237", 32) = 32 | |
3347 03:28:23 read(6, "fy\215Z\325i\320\22\326\347\17:\315\246\f\367\260Yj\212\233c\37\245\304\323\336LuW\216\266", 32) = 32 | |
3347 03:28:23 read(6, "\205\261\251\372\r\257\37\217\322?\310.\30a\7\34a\360dVG\236s\334\237d11\374W\363\356", 32) = 32 | |
3347 03:28:23 read(6, "`<f\313l\273jy\371\340]xj9S\226w^N\351\315\264,\263\6\330\324u\352\336\2\324", 32) = 32 | |
3347 03:28:23 read(6, "\311\257\274\302\26\346\17%\263\345=\323\310\355\334\363V\204\273\222O\225j\324ZK\f\366\275t\233m", 32) = 32 | |
3347 03:28:23 read(6, "+\3244t\371\330n\237\6\341\5\221\317\227\344\366\f\231\33\261|J#\273z\232\n\361i\275\322\266", 32) = 32 | |
3347 03:28:23 read(6, "\25h5\300d\342\302\200\256\320\266w\301!\1_\377\7\251\247}\335[_e\224\267\275V\342R\217", 32) = 32 | |
3347 03:28:23 read(6, "\4\237\256\226\260\25501\255\374,\f\367\325\32\315\345\241\301>\363N\315\267\273\247q\314\251\4E\321", 32) = 32 | |
3347 03:28:23 read(6, "\v\6 +\3465\33>YZ\0\346i\275\354\330\10\232sd\23\374\7\304\331\247\"y\356\373\305\250", 32) = 32 | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(7" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(8" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(9" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(10" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest2 | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out | |
13385 05:24:41 access("/dev/random", R_OK) = 0 | |
13385 05:24:41 access("/dev/random", R_OK) = 0 | |
13385 05:24:41 access("/dev/urandom", R_OK) = 0 | |
13385 05:24:41 open("/dev/random", O_RDONLY) = 5 | |
13385 05:24:41 open("/dev/urandom", O_RDONLY) = 6 | |
13385 05:24:41 access("/dev/random", R_OK) = 0 | |
13385 05:24:41 access("/dev/random", R_OK) = 0 | |
13385 05:24:41 open("/dev/random", O_RDONLY) = 7 | |
13385 05:24:41 open("/dev/random", O_RDONLY) = 8 | |
13385 05:24:41 access("/dev/urandom", R_OK) = 0 | |
13385 05:24:41 access("/dev/urandom", R_OK) = 0 | |
13385 05:24:41 open("/dev/urandom", O_RDONLY) = 9 | |
13385 05:24:41 open("/dev/urandom", O_RDONLY) = 10 | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(5" srt.out | |
13385 05:24:41 read(5, "\3f\221\21Z<\272\23\245q\243:H\363$!", 20) = 16 | |
13385 05:24:41 read(5, "\241\351\22\6", 4) = 4 | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(6" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(7" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(8" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(9" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(10" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# sed -i "s|source=file:/dev/random|source=file:/dev/urandom|" jre/lib/security/java.security | |
root@ip-10-213-153-146:~/jdk1.8.0_25# java -Djava.security.debug=provider SecureRandomTest | more | |
provider: NativePRNG egdUrl: file:/dev/urandom | |
provider: NativePRNG.MIXED seedFile: /dev/urandom nextFile: /dev/urandom | |
Provider: Set SUN provider property [SecureRandom.NativePRNG/sun.security.provider.NativePRNG] | |
Provider: Set SUN provider property [SecureRandom.SHA1PRNG/sun.security.provider.SecureRandom] | |
provider: NativePRNG.BLOCKING seedFile: /dev/random nextFile: /dev/random | |
Provider: Set SUN provider property [SecureRandom.NativePRNGBlocking/sun.security.provider.NativePRNG$Blocking] | |
provider: NativePRNG.NONBLOCKING seedFile: /dev/urandom nextFile: /dev/urandom | |
..snip.. | |
root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out | |
13435 05:43:50 access("/dev/urandom", R_OK) = 0 | |
13435 05:43:50 access("/dev/urandom", R_OK) = 0 | |
13435 05:43:50 access("/dev/urandom", R_OK) = 0 | |
13435 05:43:50 open("/dev/urandom", O_RDONLY) = 5 | |
13435 05:43:50 open("/dev/urandom", O_RDONLY) = 6 | |
13435 05:43:50 access("/dev/random", R_OK) = 0 | |
13435 05:43:50 access("/dev/random", R_OK) = 0 | |
13435 05:43:50 open("/dev/random", O_RDONLY) = 7 | |
13435 05:43:50 open("/dev/random", O_RDONLY) = 8 | |
13435 05:43:50 access("/dev/urandom", R_OK) = 0 | |
13435 05:43:50 access("/dev/urandom", R_OK) = 0 | |
13435 05:43:50 open("/dev/urandom", O_RDONLY) = 9 | |
13435 05:43:50 open("/dev/urandom", O_RDONLY) = 10 | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(5" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(6" srt.out | |
13435 05:43:50 read(6, "+\0033J\201\201{\226\302\277\356\243\314\217_\311|\257+\256", 20) = 20 | |
13435 05:43:50 read(6, "\3\233\240\213\336i\335u\235\333p\206V\335\310v\16\376\372|4\220\247\334\v\344\\\361Z<=\260", 32) = 32 | |
13435 05:43:50 read(6, "\2141\312L1\322\367G\272\27a\310\304{8\205\355\t8M@XQ\200\307\242y)\235H\312\272", 32) = 32 | |
13435 05:43:50 read(6, "\345tG\206\r\36\35\313.\0\252\374\377}\2\277\353\316\312\336\246\353\307\307\366\237d\205\3\214H\341", 32) = 32 | |
13435 05:43:50 read(6, "\230\322z<\2160\317\310\343\364\366\30+p\355s\33&\30\34\305\221QIk~\237K\273J2f", 32) = 32 | |
13435 05:43:50 read(6, "\253\2\314\270\355h\24s\315\0059j8\31\350\33\276\244\367\316\7\333\327\257?\314\265\344(\210\32\302", 32) = 32 | |
13435 05:43:50 read(6, "E&n\265\237\36\226\25?.\20\313\247\276\270\337\332\222\241#?\304\233\27\370\333^C\267\247c;", 32) = 32 | |
13435 05:43:50 read(6, "s+\367\24SQ8b\274\367b\32q\315\241\36'\5\261\310A\354\317\340j'\243\310\362\361e\216", 32) = 32 | |
13435 05:43:50 read(6, "K[\\T\264\210\30!\373\252\0\21\7\225\2631*\237\306\256x`2\240R\2266\257g+\341c", 32) = 32 | |
13435 05:43:50 read(6, "\230\33P\242;\236\251t\303\243S\324\232!\245+\332v\270\316\303\34\216\316j\4\344\357vd\32a", 32) = 32 | |
13435 05:43:50 read(6, "\245\274q y\311{\270\21.\3570Pv\371j\23\360\230\257\212\365\3\25w(\20;\265\34\276\367", 32) = 32 | |
13435 05:43:50 read(6, "d\34K\220\204\251^\247Z\242c\223\2\265C\372\263\241\344\325\244\312*BBG\210\314\327\257-\266", 32) = 32 | |
13435 05:43:50 read(6, "1\2520\202Q\320o\335v\276*\230\324O\310\252\0\214\372\273$\331\302\264)\364T\2515+\351\360", 32) = 32 | |
13435 05:43:50 read(6, "\213L?\353\204V\277\356\0054e\313\312{?z[\307\215_\367q\254_^\243^\270\301\320\376\233", 32) = 32 | |
13435 05:43:50 read(6, "\336\231\2347eg5\373\25\332f\322\216\350\21\354\224N\361\252\333\364{\232T\272\331g\343\245${", 32) = 32 | |
13435 05:43:50 read(6, "T@\252\2\304\35:\326\274\0\225\25\354\327~\211\271\244\356\241\317\376\235\27LtT\374\372,\251\234", 32) = 32 | |
13435 05:43:50 read(6, "\340\315zl\2005\342\346\374m\343\347-#V\226\2017\243\236h\321o<0*s]\310r,\347", 32) = 32 | |
13435 05:43:50 read(6, "\27\260E\226\342W\257#3\370\224\360\311\205\2F\36\257\356>V\371V)\307\177\357\0\247\302\310\320", 32) = 32 | |
13435 05:43:50 read(6, "0\334\277=\21~\270\256\272\312\334?]\2534clH\326J\336E\350\274\24\221\274\32\327\2706\372", 32) = 32 | |
13435 05:43:50 read(6, "$\225\217\235<\346\332\353Y^\261\345\376\325\233j\31\r\271Vd\246\177\304\225$\344Z\204F\237\331", 32) = 32 | |
13435 05:43:50 read(6, "\337q\224rx\257\376b\323\215\7~w'{\327\243\321t\301\246\262\375\345-\273\254s\375\337. ", 32) = 32 | |
13435 05:43:50 read(6, "\rI\347LR\224\215\336\342\324\265\26\327\326\252N:\2705\257O\347bI\327\342G\301\r\37,n", 32) = 32 | |
13435 05:43:50 read(6, "\361\332\251%\254\222\27_\215\nX\235\345\32\372\r?V\236k\37\\5\27`0\306\25IQ\351\7", 32) = 32 | |
13435 05:43:50 read(6, "!\272\240\241S\215**-j\323\"$\210\335\365\f%d(\3764\276P?\355\346*\377\211\250^", 32) = 32 | |
13435 05:43:50 read(6, "\220\37\230f\306\310\222\342\334:EJn\377L\21\242,^q~\247\215\2209\35\202\247\177\210\341\264", 32) = 32 | |
13435 05:43:50 read(6, "\202\10\37\363*\311\350\6a:HU\257\204\36&H\330\4V.\225\3343\313\177\0\371+\266\336\234", 32) = 32 | |
13435 05:43:50 read(6, "\275n{h\2473\212\\o\352\3\235\nD\360\7\365o\31g8\26Iv\333\305\372K\326\264\245|", 32) = 32 | |
13435 05:43:50 read(6, "\230\261`7\372\342\202\306PP\34\300\23\210\377\351\317o\305\236\366!\25\357e\257/v\325L\235?", 32) = 32 | |
13435 05:43:50 read(6, "\337\0\312\"\303\10T\264V(\25\336\251?\330 \263\6\3452c)$\341\220\357i\321\205\254\331\0", 32) = 32 | |
13435 05:43:50 read(6, "\360\276h\311\353\t\347\321O?\25\263\232\307\377\305\310]Oz\373\234\233]V\367\361\33\"\223P[", 32) = 32 | |
13435 05:43:50 read(6, "\374tv\233~\336\241\216\210YD\240T\17\207\275\334\271\250\313k\263\315\241&\30\370(\24!\4\23", 32) = 32 | |
13435 05:43:50 read(6, "\244\310_\354\225\360E\\\244\25\247\206\37C\36\316\315d\30M\312B\334\324\1\300\211\3658\262e\214", 32) = 32 | |
13435 05:43:50 read(6, "\0kr\330d\213x\223\3042\262\235\330\365\20\345\301\352\363\257\362\261\330B\6@\26<\201\251\311m", 32) = 32 | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(7" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(8" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(9" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(10" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest2 | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out | |
13408 05:26:40 access("/dev/urandom", R_OK) = 0 | |
13408 05:26:40 access("/dev/urandom", R_OK) = 0 | |
13408 05:26:40 access("/dev/urandom", R_OK) = 0 | |
13408 05:26:40 open("/dev/urandom", O_RDONLY) = 5 | |
13408 05:26:40 open("/dev/urandom", O_RDONLY) = 6 | |
13408 05:26:40 access("/dev/random", R_OK) = 0 | |
13408 05:26:40 access("/dev/random", R_OK) = 0 | |
13408 05:26:40 open("/dev/random", O_RDONLY) = 7 | |
13408 05:26:40 open("/dev/random", O_RDONLY) = 8 | |
13408 05:26:40 access("/dev/urandom", R_OK) = 0 | |
13408 05:26:40 access("/dev/urandom", R_OK) = 0 | |
13408 05:26:40 open("/dev/urandom", O_RDONLY) = 9 | |
13408 05:26:40 open("/dev/urandom", O_RDONLY) = 10 | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(5" srt.out | |
13408 05:26:40 read(5, "\333\210c\265<eu\10\223\242\231d=vG\325\17\260f\310", 20) = 20 | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(6" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(10" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(9" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(7" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(8" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# sed -i "s|source=file:/dev/urandom|source=file:/dev/\./urandom|" jre/lib/security/java.security | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep source jre/lib/security/java.security | |
# Sun Provider SecureRandom seed source. | |
# Select the primary source of seed data for the "SHA1PRNG" and | |
# specified by the "securerandom.source" Security property. If an | |
# "securerandom.source" Security property. | |
securerandom.source=file:/dev/./urandom | |
root@ip-10-213-153-146:~/jdk1.8.0_25# java -Djava.security.debug=provider SecureRandomTest | |
provider: NativePRNG egdUrl: file:/dev/./urandom | |
provider: NativePRNG.MIXED seedFile: /dev/./urandom nextFile: /dev/urandom | |
Provider: Set SUN provider property [SecureRandom.SHA1PRNG/sun.security.provider.SecureRandom] | |
Provider: Set SUN provider property [SecureRandom.NativePRNG/sun.security.provider.NativePRNG] | |
provider: NativePRNG.BLOCKING seedFile: /dev/random nextFile: /dev/random | |
Provider: Set SUN provider property [SecureRandom.NativePRNGBlocking/sun.security.provider.NativePRNG$Blocking] | |
provider: NativePRNG.NONBLOCKING seedFile: /dev/urandom nextFile: /dev/urandom | |
root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out | |
12985 05:10:35 access("/dev/./urandom", R_OK) = 0 | |
12985 05:10:35 access("/dev/./urandom", R_OK) = 0 | |
12985 05:10:35 access("/dev/urandom", R_OK) = 0 | |
12985 05:10:35 open("/dev/./urandom", O_RDONLY) = 5 | |
12985 05:10:35 open("/dev/urandom", O_RDONLY) = 6 | |
12985 05:10:35 access("/dev/random", R_OK) = 0 | |
12985 05:10:35 access("/dev/random", R_OK) = 0 | |
12985 05:10:35 open("/dev/random", O_RDONLY) = 7 | |
12985 05:10:35 open("/dev/random", O_RDONLY) = 8 | |
12985 05:10:35 access("/dev/urandom", R_OK) = 0 | |
12985 05:10:35 access("/dev/urandom", R_OK) = 0 | |
12985 05:10:35 open("/dev/urandom", O_RDONLY) = 9 | |
12985 05:10:35 open("/dev/urandom", O_RDONLY) = 10 | |
12985 05:10:35 open("/dev/./urandom", O_RDONLY) = 11 | |
root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest2 | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out | |
13047 05:13:58 access("/dev/./urandom", R_OK) = 0 | |
13047 05:13:58 access("/dev/./urandom", R_OK) = 0 | |
13047 05:13:58 access("/dev/urandom", R_OK) = 0 | |
13047 05:13:58 open("/dev/./urandom", O_RDONLY) = 5 | |
13047 05:13:58 open("/dev/urandom", O_RDONLY) = 6 | |
13047 05:13:58 access("/dev/random", R_OK) = 0 | |
13047 05:13:58 access("/dev/random", R_OK) = 0 | |
13047 05:13:58 open("/dev/random", O_RDONLY) = 7 | |
13047 05:13:58 open("/dev/random", O_RDONLY) = 8 | |
13047 05:13:58 access("/dev/urandom", R_OK) = 0 | |
13047 05:13:58 access("/dev/urandom", R_OK) = 0 | |
13047 05:13:58 open("/dev/urandom", O_RDONLY) = 9 | |
13047 05:13:58 open("/dev/urandom", O_RDONLY) = 10 | |
13047 05:13:58 open("/dev/./urandom", O_RDONLY) = 11 | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(11" srt.out | |
13082 05:16:34 read(11, "\343}t\330-\10\262y\3142O\211\224\211I\350N@\216G", 20) = 20 | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(10" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(9" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(8" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(7" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(6" srt.out | |
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(5" srt.out | |
**** Okay, now some Open JDK 7 behaviour **** | |
root@ip-10-213-153-146:~# java -version | |
java version "1.7.0_65" | |
OpenJDK Runtime Environment (IcedTea 2.5.3) (7u71-2.5.3-0ubuntu0.14.04.1) | |
OpenJDK 64-Bit Server VM (build 24.65-b04, mixed mode) | |
root@ip-10-213-153-146:~# grep source /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/java.security | |
# Select the source of seed data for SecureRandom. By default an | |
# the securerandom.source property. If an exception occurs when | |
securerandom.source=file:/dev/urandom | |
# Specifying this system property will override the securerandom.source | |
root@ip-10-213-153-146:~# java -Djava.security.debug=provider SecureRandomTest | more | |
Provider: Set SUN provider property [SecureRandom.NativePRNG/sun.security.provider.NativePRNG] | |
Provider: Set SUN provider property [SecureRandom.SHA1PRNG/sun.security.provider.SecureRandom] | |
root@ip-10-213-153-146:~# javac SecureRandomTest.java | |
root@ip-10-213-153-146:~# strace -f -t -o srt.out java SecureRandomTest | |
root@ip-10-213-153-146:~# grep random srt.out | |
12132 03:59:58 stat("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), ...}) = 0 | |
12132 03:59:58 stat("/dev/urandom", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 | |
12132 03:59:58 open("/dev/random", O_RDONLY) = 12 | |
12132 03:59:58 open("/dev/urandom", O_RDONLY) = 13 | |
root@ip-10-213-153-146:~# grep "read(12" srt.out | |
root@ip-10-213-153-146:~# grep "read(13" srt.out | |
12132 03:59:58 read(13, "o\246\205\332\236\222i\333ox\300\10\263\27M\332\264\327\375\312", 20) = 20 | |
12132 03:59:58 read(13, "\243U&\24%\234\6\4\241\350v\331(q\276ZC\21dJ\26f9\177\343\2466\2\314F\235g", 32) = 32 | |
12132 03:59:58 read(13, "\30\323\367\275#{i<\277&A\374j]^\332\274j{j\375\261\372\265\22\254\307\"\220\37?\1", 32) = 32 | |
12132 03:59:58 read(13, "J\244\232YH\205ph\237T\321\251V?\264\v\361\273\2\273\345&\354k4!\32=_\2)\301", 32) = 32 | |
12132 03:59:58 read(13, "D,{\223_I\255\240\351\3554Gjl\201H\3747\313IDn>\362G\231\263\273b\361\213A", 32) = 32 | |
12132 03:59:58 read(13, "Y!G\312N\341N\363\273\242`\365u\366\4\301`X\266L\261]W\307\355]\232\355M\206\344F", 32) = 32 | |
12132 03:59:58 read(13, "O\6.\5\r\231\20T\242\3655\351\24\262\355\305\202(\263\376)\237%`\21Ss\222\202\304^>", 32) = 32 | |
12132 03:59:58 read(13, "X\305\3636I>v\35\257M\344`\371(\6\313\327\261\202^\2\247\244\260\261\377\305\2\310f\243u", 32) = 32 | |
12132 03:59:58 read(13, "\353\r\311\225i\245\274\20f1]\276KYE\270U\242\360\212Z\222i]}\333\210\t\213\273PS", 32) = 32 | |
12132 03:59:58 read(13, "pL\323\241\202\213G\332\n`\7\316\223K\305\336g\356\237G\357\242\257DAHN5D\350H_", 32) = 32 | |
12132 03:59:58 read(13, "\274\361\203-_\260O\333 \352]\2\237\337W\32\202<D\211r%#oh\22]\211\363\25\255v", 32) = 32 | |
12132 03:59:58 read(13, "\202{E\31\357\236\347\354i\266\333\353\"M\310=\224\216\224\246\fS\17RX\6\260m4\337D\267", 32) = 32 | |
12132 03:59:58 read(13, "\322~@7\301\201\342z0\rq\27\22\340g\0=}\203/\321p\252A\264\321\334\21\270E3U", 32) = 32 | |
12132 03:59:58 read(13, "uA=\355\7\210\362\204r\v\2\376=w\335}\36O\232\4a\301\24\16igfZ\233\300\350\177", 32) = 32 | |
12132 03:59:58 read(13, "\0104\261\212\224\237&\240\322\3538\267\373J\336w\2558#\325\364\fF2g\241\341\275\230t\v\311", 32) = 32 | |
12132 03:59:58 read(13, "\300\232\344\307\210\300\1\257@[\260\310\232RF\225\235\320\221\356Gwn\240w[R\300\325\222\n\273", 32) = 32 | |
12132 03:59:58 read(13, "\3529\375_(Tqg\361\345\316\21\341\vy\217\341\205T\257\204\v!\244n\336\263A\202\301\f\225", 32) = 32 | |
12132 03:59:58 read(13, "\3426\2512\271\0\\\211B\325\373|\223t\375\370%\362\32\334S\33\230\263ym\332_\2\237\245(", 32) = 32 | |
12132 03:59:58 read(13, "\31\351\307\234\325\233w3g\271\220\f\35\227u8\325\27\305\341k\204\205\216\330\22)\2513\361a\25", 32) = 32 | |
12132 03:59:58 read(13, "\354\260\335\350NR\206\203X\322\257\1\313\235\320\342\221R\212z\17\270[\351\313\344\211\272\325\233+`", 32) = 32 | |
12132 03:59:58 read(13, ":\233\254\226\355\346<\0319+\214\335xN\16y\36\17\204}\3522\264\273\30c\310\325W.\363R", 32) = 32 | |
12132 03:59:58 read(13, "d3k\261f([\355.}i\342w\317\274a\210r\21\310$?4\344\353\325U\31\366\336\367\345", 32) = 32 | |
12132 03:59:58 read(13, "\374\"\316#,\243\203\220W\366\226\227\255g\342fc\366h@\215\273\260-\4\243\35\246\33\220\372p", 32) = 32 | |
12132 03:59:58 read(13, "\356\213\267 0R\215s\2005\375\10\345\177A\336\322\337\353\352\315\332\355\\\27\252\4\234#\252\366i", 32) = 32 | |
12132 03:59:58 read(13, "H\371t\341\240\3044\312\356\311\376g\206@\0\374\346\rF\207\334\22\2-mA\375\3563>9\337", 32) = 32 | |
12132 03:59:58 read(13, "\212\33\256\335\327*\215oiE\331\341`\230\35\365\256\361J:\3564\3749\266\210\243t\34\17F4", 32) = 32 | |
12132 03:59:58 read(13, "\23\275\32\36E)kb\214-i\20n\\\225p\366\356\370\373\300\247\211\325\254\236\334\355\246\272\17L", 32) = 32 | |
12132 03:59:58 read(13, "\364}}\6\255*\314\355m\333\6X\234\3063\31_\270\f#\201D\313]\3757~\6\325\253\226\23", 32) = 32 | |
12132 03:59:58 read(13, "\276o\10\253\333\354\312\211 \6\240\322(\234W\354\254c^\365L\375(]\3555@\201\324F\24\n", 32) = 32 | |
12132 03:59:58 read(13, "\314\2273\321\246\372\337\3117\16Twl\200\241\236\275Y\233l\211\312sc\274h\37l\327\253\304\360", 32) = 32 | |
12132 03:59:58 read(13, "\223\276u?\260\305\3\306\3536B\377\344-\237\35kf\305\334\4}\241\6\267?\353\224\232zEh", 32) = 32 | |
12132 03:59:58 read(13, "\305\360\267\344\340\224n\357\374\332\326\322\220\243\345\321.Ae\273 \"#\2647\217\331\253\5E\240{", 32) = 32 | |
12132 03:59:58 read(13, "F3\263\354\240\340^\317\372\37\370\2162\334W\361\21\346\362z\324\323\37\237\2\337g\334\5\317_\346", 32) = 32 | |
root@ip-10-213-153-146:~# strace -f -t -o srt.out java SecureRandomTest2 | |
root@ip-10-213-153-146:~# grep random srt.out | |
13549 06:10:50 stat("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), ...}) = 0 | |
13549 06:10:50 stat("/dev/urandom", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 | |
13549 06:10:50 open("/dev/random", O_RDONLY) = 12 | |
13549 06:10:50 open("/dev/urandom", O_RDONLY <unfinished ...> | |
13549 06:10:50 open("/dev/random", O_RDONLY) = 14 | |
root@ip-10-213-153-146:~# grep "read(12" srt.out | |
root@ip-10-213-153-146:~# grep "read(14" srt.out | |
13549 06:10:50 read(14, "\233'G\30\277\331w\233\326s34\f\343\213R\253", 20) = 17 | |
13549 06:10:50 read(14, "\377\274}", 3) = 3 | |
root@ip-10-213-153-146:~# sed -i "s|source=file:/dev/urandom|source=file:/dev/random|" /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/java.security | |
root@ip-10-213-153-146:~# cat /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/java.security | grep source | |
# Select the source of seed data for SecureRandom. By default an | |
# the securerandom.source property. If an exception occurs when | |
securerandom.source=file:/dev/random | |
# Specifying this system property will override the securerandom.source | |
root@ip-10-213-153-146:~# java -Djava.security.debug=provider SecureRandomTest | |
Provider: Set SUN provider property [SecureRandom.SHA1PRNG/sun.security.provider.SecureRandom] | |
Provider: Set SUN provider property [SecureRandom.NativePRNG/sun.security.provider.NativePRNG] | |
root@ip-10-213-153-146:~# strace -f -t -o srt.out java SecureRandomTest | |
root@ip-10-213-153-146:~# grep random srt.out | |
12212 04:07:13 stat("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), ...}) = 0 | |
12212 04:07:13 stat("/dev/urandom", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 | |
12212 04:07:13 open("/dev/random", O_RDONLY) = 12 | |
12212 04:07:13 open("/dev/urandom", O_RDONLY) = 13 | |
12212 04:07:13 open("/dev/random", O_RDONLY) = 14 | |
root@ip-10-213-153-146:~# grep "read(12" srt.out | |
12217 04:07:13 read(12, <unfinished ...> | |
root@ip-10-213-153-146:~# grep "read(13" srt.out | |
root@ip-10-213-153-146:~# grep "read(14" srt.out | |
12212 04:07:13 read(14, "\212\234@Z\251|mO\4\300\360C\303\311\307\214\343\357\264\354", 20) = 20 | |
root@ip-10-213-153-146:~# strace -f -t -o srt.out java SecureRandomTest2 | |
root@ip-10-213-153-146:~# grep random srt.out | |
13285 05:21:17 stat("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), ...}) = 0 | |
13285 05:21:17 stat("/dev/urandom", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 | |
13285 05:21:17 open("/dev/random", O_RDONLY) = 5 | |
13285 05:21:17 open("/dev/urandom", O_RDONLY) = 6 | |
root@ip-10-213-153-146:~# grep "read(5" srt.out | |
13285 05:21:17 read(5, "*|\27\302\202I\351\331\214K'@H\10\312\177", 20) = 16 | |
13285 05:21:17 read(5, "C\331\262\205", 4) = 4 | |
root@ip-10-213-153-146:~# grep "read(6" srt.out | |
root@ip-10-213-153-146:~# sed -i "s|source=file:/dev/random|source=file:/dev/\./urandom|" /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/java.security | |
root@ip-10-213-153-146:~# strace -f -t -o srt.out java SecureRandomTest | |
root@ip-10-213-153-146:~# grep random srt.out | |
12939 05:06:13 stat("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), ...}) = 0 | |
12939 05:06:13 stat("/dev/urandom", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 | |
12939 05:06:13 open("/dev/random", O_RDONLY) = 12 | |
12939 05:06:13 open("/dev/urandom", O_RDONLY) = 13 | |
12939 05:06:13 open("/dev/./urandom", O_RDONLY) = 14 | |
root@ip-10-213-153-146:~# strace -f -t -o srt.out java SecureRandomTest2 | |
root@ip-10-213-153-146:~# grep random srt.out | |
13129 05:17:39 stat("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), ...}) = 0 | |
13129 05:17:39 stat("/dev/urandom", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 | |
13129 05:17:39 open("/dev/random", O_RDONLY) = 12 | |
13129 05:17:39 open("/dev/urandom", O_RDONLY) = 13 | |
13129 05:17:39 open("/dev/./urandom", O_RDONLY) = 14 | |