javatomcatjbossweblogic

java slow : entropy related issue


I am running into an issue where java is slow when used over SSL. The solution is to add

-Djava.security.egd=file:/dev/./urandom
to java at the command line. Since I have multiple JVM's, I dont want to modify every single JVM to contain this string and hence would like to add it to the file
$JAVA_HOME/jre/lib/security/java.security

Now, the java.security file already contains

securerandom.source=file:/dev/urandom

Two questions on this :

  1. Why and how is "/dev/urandom" different from "/dev/./urandom". Why doesnt java accept "/dev/urandom"
  2. For the JVM's that I have running, how can I tell whether they are using the correct urandmon device (vs random)

Solution

  • This is actually a hack introduced into the JVM back in 1.3 or 1.4 days.

    The basic issue is that in the native JVM code they hardcoded /dev/urandom to actually use /dev/random to attempt to ensure sufficient entropy. Since /dev/urandom is supposed to be guaranteed not to block, this has the unintended consequence of blocking if not enough entropy is available.

    The hardcoding looks specifically for the string /dev/urandom, so providing something that resolves to the same thing but doesn't match that causes the desired behavior. If you code /dev/./urandom you bypass the hardcoded aliasing and get to the intended urandom entropy source.