United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6202721 SHA1PRNG reads from /dev/random even if /dev/urandom selected
JDK-6202721 : SHA1PRNG reads from /dev/random even if /dev/urandom selected

Details
Type:
Bug
Submit Date:
2004-12-01
Status:
Closed
Updated Date:
2013-04-12
Project Name:
JDK
Resolved Date:
2006-11-28
Component:
security-libs
OS:
linux,generic
Sub-Component:
java.security
CPU:
x86,generic
Priority:
P4
Resolution:
Not an Issue
Affected Versions:
5.0,5.0u6,5.0u11,6,6u13
Fixed Versions:

Related Reports
Duplicate:
Duplicate:
Duplicate:
Relates:

Sub Tasks

Description
If you do

import java.security.SecureRandom;
class JRand {
  public static void main(String args[]) throws Exception {
    System.out.println("Ok: " +
      SecureRandom.getInstance("SHA1PRNG").nextLong());
  }
}

then SecureRandom will read from /dev/random even if securerandom.source is configured to use /dev/urandom. This is a problem if /dev/urandom was chosen because /dev/random is not working properly.

The root cause is that 4705093 assigned special meaning to the string "/dev/urandom".

                                    

Comments
WORK AROUND

Use 'new SecureRandom()' instead of 'SecureRandom.getInstance("SHA1PRNG")'

###@###.### 2004-12-01 22:30:25 GMT
                                     
2004-12-01
EVALUATION

Right.

###@###.### 2005-04-18 21:35:12 GMT
                                     
2005-04-18
WORK AROUND

Alternatively, set securerandom.source to file:/dev/./urandom 

With that setting in JDK 5.0, the behavior will be exactly the same as with file:/dev/urandom in 1.4.2.
                                     
2006-07-15
EVALUATION

The new behavior is as intended, closing as not-a-bug. If the 1.4.2 behavior is required, use either of the workarounds listed above. Note that both workarounds work on 1.4.2 and 5.0 and exhibit the exactly same behavior.
                                     
2006-11-28
Should be clearer as a result of this bug.
                                     
2013-04-12



Hardware and Software, Engineered to Work Together