JDK-6577564 : Add notes on possible block of SecureRandom.generateSeed()/nextBytes()
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 7
  • Priority: P4
  • Status: Closed
  • Resolution: Duplicate
  • OS: generic
  • CPU: generic
  • Submitted: 2007-07-06
  • Updated: 2014-06-06
  • Resolved: 2012-02-04
Related Reports
Duplicate :  
Relates :  
Users find it confused that sometimes a call to SecureRandom.generateSeed() may hang the system. Since this method needs to gather entropy from a random source, this is inevitable if the source is a special device (say, /dev/random). We may need to document this behavior.

Wrong duplicate bug id. Fixed.

EVALUATION In the API, this was addressed in the early days of JDK7 by: 6521844: SecureRandom hangs on Linux Systems As part of the cleanup for 6425477, I will be documenting this in the Sun Providers, so I'll be closing this as part of that bug.

EVALUATION There are 2 places that the document can be clarified: 1. In the API spec of SecureRandom, we can add "Depending on the implementation, the generateSeed() and nextBytes() methods may block as entropy is being gathered..." 2. In the security guide of Sun JDK, we can further describe how Sun's various implementations behave.