JDK-6202721

http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6202721

 

JDK-6202721 : SHA1PRNG reads from /dev/random even if /dev/urandom selected

Details

 

Type:
Bug
Submit Date:
2004-12-01
Status:
Closed
Updated Date:
2013-04-12
Project Name:
JDK
Resolved Date:
2006-11-28
Component:
security-libs
OS:
linux,generic
Sub-Component:
java.security
CPU:
x86,generic
Priority:
P4
Resolution:
                                                                        Not an Issue                                                                   
Affected Versions:
5.0,5.0u6,5.0u11,6,6u13                                
Fixed Versions:
 

 

Related Reports

 

Duplicate:
Duplicate:
Duplicate:
Relates:
 

 

Sub Tasks

 

 

 

Description

 

If you do

import java.security.SecureRandom;
class JRand {
  public static void main(String args[]) throws Exception {
    System.out.println("Ok: " +
      SecureRandom.getInstance("SHA1PRNG").nextLong());
  }
}

then SecureRandom will read from /dev/random even if securerandom.source is configured to use /dev/urandom. This is a problem if /dev/urandom was chosen because /dev/random is not working properly.

The root cause is that 4705093 assigned special meaning to the string "/dev/urandom".

                                    
 

 

Comments

 

Should be clearer as a result of this bug.
                                     
2013-04-12 
EVALUATION

The new behavior is as intended, closing as not-a-bug. If the 1.4.2 behavior is required, use either of the workarounds listed above. Note that both workarounds work on 1.4.2 and 5.0 and exhibit the exactly same behavior.
                                     
2006-11-28 
WORK AROUND

Alternatively, set securerandom.source to file:/dev/./urandom 

With that setting in JDK 5.0, the behavior will be exactly the same as with file:/dev/urandom in 1.4.2.
                                     
2006-07-15 
EVALUATION

Right.

###@###.### 2005-04-18 21:35:12 GMT
                                     
2005-04-18 
WORK AROUND

Use 'new SecureRandom()' instead of 'SecureRandom.getInstance("SHA1PRNG")'

###@###.### 2004-12-01 22:30:25 GMT
                                     

 

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值