JDK-6577564 : Add notes on possible block of SecureRandom.generateSeed()/nextBytes()
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 7
  • Priority: P4
  • Status: Closed
  • Resolution: Duplicate
  • OS: generic
  • CPU: generic
  • Submitted: 2007-07-06
  • Updated: 2014-06-06
  • Resolved: 2012-02-04
Related Reports
Duplicate :  
JDK-6521844 - SecureRandom hangs on Linux Systems
Relates :  
JDK-8046113 - JEP 123: Configurable Secure Random-Number Generation
Description
Users find it confused that sometimes a call to SecureRandom.generateSeed() may hang the system. Since this method needs to gather entropy from a random source, this is inevitable if the source is a special device (say, /dev/random). We may need to document this behavior.
Comments
Wrong duplicate bug id. Fixed.
15-12-2012
EVALUATION In the API, this was addressed in the early days of JDK7 by: 6521844: SecureRandom hangs on Linux Systems As part of the cleanup for 6425477, I will be documenting this in the Sun Providers, so I'll be closing this as part of that bug.
04-02-2012
EVALUATION There are 2 places that the document can be clarified: 1. In the API spec of SecureRandom, we can add "Depending on the implementation, the generateSeed() and nextBytes() methods may block as entropy is being gathered..." 2. In the security guide of Sun JDK, we can further describe how Sun's various implementations behave.
06-07-2007