JDK-6202721 : SHA1PRNG reads from /dev/random even if /dev/urandom selected
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 5.0,5.0u6,5.0u11,6,6u13
  • Priority: P4
  • Status: Closed
  • Resolution: Not an Issue
  • OS: generic,linux
  • CPU: generic,x86
  • Submitted: 2004-12-01
  • Updated: 2013-04-12
  • Resolved: 2006-11-28
Related Reports
Duplicate :  
Duplicate :  
Duplicate :  
Relates :  
If you do

import java.security.SecureRandom;
class JRand {
  public static void main(String args[]) throws Exception {
    System.out.println("Ok: " +

then SecureRandom will read from /dev/random even if securerandom.source is configured to use /dev/urandom. This is a problem if /dev/urandom was chosen because /dev/random is not working properly.

The root cause is that 4705093 assigned special meaning to the string "/dev/urandom".

Should be clearer as a result of this bug.

EVALUATION The new behavior is as intended, closing as not-a-bug. If the 1.4.2 behavior is required, use either of the workarounds listed above. Note that both workarounds work on 1.4.2 and 5.0 and exhibit the exactly same behavior.

WORK AROUND Alternatively, set securerandom.source to file:/dev/./urandom With that setting in JDK 5.0, the behavior will be exactly the same as with file:/dev/urandom in 1.4.2.

EVALUATION Right. ###@###.### 2005-04-18 21:35:12 GMT

WORK AROUND Use 'new SecureRandom()' instead of 'SecureRandom.getInstance("SHA1PRNG")' ###@###.### 2004-12-01 22:30:25 GMT