JDK-6202721 : SHA1PRNG reads from /dev/random even if /dev/urandom selected
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 5.0,5.0u6,5.0u11,6,6u13
  • Priority: P4
  • Status: Closed
  • Resolution: Not an Issue
  • OS: generic,linux
  • CPU: generic,x86
  • Submitted: 2004-12-01
  • Updated: 2013-04-12
  • Resolved: 2006-11-28
Related Reports
Duplicate :  
JDK-6708214 - java.security.SecureRandom.nextBytes() takes a long time.
Duplicate :  
JDK-6850614 - PKCS12 Keystore.store blocks if using NativePRNG, it doesn't follow securerandom.source
Duplicate :  
JDK-6366924 - REGRESSION: securerandom.source and/or java.security.egd dont work in 1.5.0_05
Relates :  
JDK-6521844 - SecureRandom hangs on Linux Systems
Description
If you do

import java.security.SecureRandom;
class JRand {
  public static void main(String args[]) throws Exception {
    System.out.println("Ok: " +
      SecureRandom.getInstance("SHA1PRNG").nextLong());
  }
}

then SecureRandom will read from /dev/random even if securerandom.source is configured to use /dev/urandom. This is a problem if /dev/urandom was chosen because /dev/random is not working properly.

The root cause is that 4705093 assigned special meaning to the string "/dev/urandom".
Comments
Should be clearer as a result of this bug.
12-04-2013
EVALUATION The new behavior is as intended, closing as not-a-bug. If the 1.4.2 behavior is required, use either of the workarounds listed above. Note that both workarounds work on 1.4.2 and 5.0 and exhibit the exactly same behavior.
28-11-2006
WORK AROUND Alternatively, set securerandom.source to file:/dev/./urandom With that setting in JDK 5.0, the behavior will be exactly the same as with file:/dev/urandom in 1.4.2.
15-07-2006
EVALUATION Right. ###@###.### 2005-04-18 21:35:12 GMT
18-04-2005
WORK AROUND Use 'new SecureRandom()' instead of 'SecureRandom.getInstance("SHA1PRNG")' ###@###.### 2004-12-01 22:30:25 GMT
01-12-2004