JDK 8 seems to use /dev/urandom and /dev/random more sensibly

Summary of Behaviour:

A. OpenJDK 7 b65.
  1. Default in java.security is securerandom.source=/dev/urandom.
  2. If securerandom.source=/dev/urandom, NativePRNG is used. SecureRandom.nextBytes() is non-blocking via /dev/urandom; SecureRandom.generateSeed(x) is blocking via /dev/random.
  3. If securerandom.source=/dev/random, then SHA1PRNG is used. Initial seed is blocking via /dev/random. No other accesses.
  4. If securerandom.source=/dev/./urandom, then SHA1PRNG is used. Initial seed is non-blocking via /dev/./urandom. No other accesses.

B. Oracle JDK 8 b25.
  1. Default in java.security is securerandom.source=/dev/random.
  2. If securerandom.source=/dev/random, NativePRNG is used. SecureRandom.nextBytes() is non-blocking via /dev/urandom; SecureRandom.generateSeed(x) is blocking via /dev/random.
  3. If securerandom.source=/dev/urandom, NativePRNG is used. SecureRandom.nextBytes() is non-blocking via /dev/urandom; SecureRandom.generateSeed(x) is non-blocking via /dev/urandom.
  4. If securerandom.source=/dev/./urandom, then SHA1PRNG is used. Initial seed is non-blocking via /dev/./urandom. No other accesses.

NOTES from strace tests, looking at what file handles are read from
(Apologies these aren't super clear or necessarily complete -- as I ran these out of order and collated them)

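Test #1 - SecureRandom.nextBytes()

import java.security.*;

public class SecureRandomTest {
    public static void main(String[] args) {
        // Default constructor: the provider picks the PRNG from securerandom.source
        SecureRandom sr = new SecureRandom();
        byte[] b = new byte[1024];
        // Output path: which device (if any) backs these 1024 bytes?
        sr.nextBytes(b);
    }
}
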
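Test #2 - SecureRandom.generateSeed(20)

import java.security.*;

public class SecureRandomTest2 {
    public static void main(String[] args) {
        // Default constructor: the provider picks the PRNG from securerandom.source
        SecureRandom sr = new SecureRandom();
        // Seed path: generateSeed() reads the seed device, which may block
        sr.generateSeed(20);
    }
}
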
root@ip-10-213-153-146:~# lsb_release -d
Description: Ubuntu 14.04.1 LTS
root@ip-10-213-153-146:~/jdk1.8.0_25# java -version
java version "1.8.0_25"
Java(TM) SE Runtime Environment (build 1.8.0_25-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode)
root@ip-10-213-153-146:~/jdk1.8.0_25# cat jre/lib/security/java.security | grep source
# Sun Provider SecureRandom seed source.
# Select the primary source of seed data for the "SHA1PRNG" and
# specified by the "securerandom.source" Security property. If an
# "securerandom.source" Security property.
securerandom.source=file:/dev/random
root@ip-10-213-153-146:~/jdk1.8.0_25# javac SecureRandomTest.java
root@ip-10-213-153-146:~/jdk1.8.0_25# java -Djava.security.debug=provider SecureRandomTest | more
provider: NativePRNG egdUrl: file:/dev/random
provider: NativePRNG.MIXED seedFile: /dev/random nextFile: /dev/urandom
Provider: Set SUN provider property [SecureRandom.NativePRNG/sun.security.provider.NativePRNG]
Provider: Set SUN provider property [SecureRandom.SHA1PRNG/sun.security.provider.SecureRandom]
provider: NativePRNG.BLOCKING seedFile: /dev/random nextFile: /dev/random
Provider: Set SUN provider property [SecureRandom.NativePRNGBlocking/sun.security.provider.NativePRNG$Blocking]
provider: NativePRNG.NONBLOCKING seedFile: /dev/urandom nextFile: /dev/urandom
..snip..
root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest
root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out
3347 03:28:23 access("/dev/random", R_OK) = 0
3347 03:28:23 access("/dev/random", R_OK) = 0
3347 03:28:23 access("/dev/urandom", R_OK) = 0
3347 03:28:23 open("/dev/random", O_RDONLY) = 5
3347 03:28:23 open("/dev/urandom", O_RDONLY) = 6
3347 03:28:23 access("/dev/random", R_OK) = 0
3347 03:28:23 access("/dev/random", R_OK) = 0
3347 03:28:23 open("/dev/random", O_RDONLY) = 7
3347 03:28:23 open("/dev/random", O_RDONLY) = 8
3347 03:28:23 access("/dev/urandom", R_OK) = 0
3347 03:28:23 access("/dev/urandom", R_OK) = 0
3347 03:28:23 open("/dev/urandom", O_RDONLY) = 9
3347 03:28:23 open("/dev/urandom", O_RDONLY) = 10
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(5" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(6" srt.out
3347 03:28:23 read(6, "\253F\22{Qh;\262\356\3454\227\2716\316u\305\n\16x", 20) = 20
3347 03:28:23 read(6, "W\7\323ae&\351w\254\327ER\276O\376\7;y6\6\375\3224\314\205\221\253V\34}s\332", 32) = 32
3347 03:28:23 read(6, "\354\220i\251\246b;\370\331\230\251>\346x\305/;\v\21\357\373\250\216\16\340\20\203sDY\345\233", 32) = 32
3347 03:28:23 read(6, "\342\23c\177B\200\5VpK\324\21\220?\230[\220\37\363\254\253\257\f\327\"\275\211p)\325\337@", 32) = 32
3347 03:28:23 read(6, "\364ME\262b\264\342U\200R\261\252\f\t\274u{a\343\313\356\223?\5\315/\200\204p;\23*", 32) = 32
3347 03:28:23 read(6, "Mm&\236\247\341=\221!\36\26\270{\262\345lW\355\215\352Fe\244\204H\354(Q\235\2\373\250", 32) = 32
3347 03:28:23 read(6, "\253i\272\250\216\324\"\374elj\263\33)'\376\177\326\345\341@\2010\365\0052\317!\327\243&\v", 32) = 32
3347 03:28:23 read(6, "\215\20o\372\204\360\303\262bo\256\200\210:\210\240U\376d\236\\\244|^\220}Q8X\211\"\6", 32) = 32
3347 03:28:23 read(6, "\366\256\31\2\230V4\335\364\2231\332;\4\t\373\265Uq7\3313\227:\233|5h\334\344\232\212", 32) = 32
3347 03:28:23 read(6, "\3N\0\2019l{\353)#>r\322M\215\1772\225HKd!\207\327U\365\35x\341\342\305\267", 32) = 32
3347 03:28:23 read(6, "\236\327\232\363\20\335\227\255K\307\345=\237w\343@\302\221.\347\24\235\270\362@\343t\374\217%\272X", 32) = 32
3347 03:28:23 read(6, "P\270\244I|G\1\250\232\361f\261P\204v}00\235\351\215\3308o\345\337}\207|\307\323o", 32) = 32
3347 03:28:23 read(6, "\324\371\t\2G\267 \315% \221\274\275\253\372\333\6\230\237\320\305[\254\3675v\277\344\252\16\362\264", 32) = 32
3347 03:28:23 read(6, "\303\202(f\225\220\273\314\326\200x\307#XN\362U\245w\3542\23\256,\253g&\205\263@\340C", 32) = 32
3347 03:28:23 read(6, "p\31\3\344\362\254\26\34\330mf\244\r\264\252\335\0019\345\16\211\207\361~2\6\257\211\33+\30\265", 32) = 32
3347 03:28:23 read(6, "+0\234\334\207\302\343p@\223\352Wyw5\320\264n\302\302N\4B\244\r\1\0-\33\235<\301", 32) = 32
3347 03:28:23 read(6, "~\317\v\330\2376\24\37\255\365RA\3122\221\207\313\377\0071\257+\5\225Yf\240\221-$\363f", 32) = 32
3347 03:28:23 read(6, "\3475\1\305:\233\355[\26\205{\312\354)txS\313\301\301\203\367\304\265\\\204d\354;Q\236\7", 32) = 32
3347 03:28:23 read(6, "\3433\36\244T\tB\263J\304#\370\303\20\275pKM\272\234/\3\226%m\204Q\322\345\215\233\270", 32) = 32
3347 03:28:23 read(6, "F\361\230e\206\226\254\337'\351S\250\252\357\317\5\35!\356R\27{\274H\357\302\311 \17F\275\350", 32) = 32
3347 03:28:23 read(6, "\203tZp\275\r^\204nIE`\336S\26\20\366r\333Oy\276ib\237,\254\347nf\274r", 32) = 32
3347 03:28:23 read(6, "\226\223]\363]'\23\222\343_r\200\"[\366\235\v~\347\311\346\rqf{`\245\220\322\200\322\244", 32) = 32
3347 03:28:23 read(6, "\257\325]L0\305zA\224\201\233W\320\371\271\305I\17\344\202\v\24y\202\231s\313\266\240\246\376.", 32) = 32
3347 03:28:23 read(6, "\222\343\2\226\23\270\347\210\204\5\355\300\255\356\3\21\22PX\273'\273\300\375SO*W\256\237Q\344", 32) = 32
3347 03:28:23 read(6, "\23|\2332a\237\233\362f\"\217O\253\245\331\322\242\231\267`\263{\0\2214{\277\353U\r\6\237", 32) = 32
3347 03:28:23 read(6, "fy\215Z\325i\320\22\326\347\17:\315\246\f\367\260Yj\212\233c\37\245\304\323\336LuW\216\266", 32) = 32
3347 03:28:23 read(6, "\205\261\251\372\r\257\37\217\322?\310.\30a\7\34a\360dVG\236s\334\237d11\374W\363\356", 32) = 32
3347 03:28:23 read(6, "`<f\313l\273jy\371\340]xj9S\226w^N\351\315\264,\263\6\330\324u\352\336\2\324", 32) = 32
3347 03:28:23 read(6, "\311\257\274\302\26\346\17%\263\345=\323\310\355\334\363V\204\273\222O\225j\324ZK\f\366\275t\233m", 32) = 32
3347 03:28:23 read(6, "+\3244t\371\330n\237\6\341\5\221\317\227\344\366\f\231\33\261|J#\273z\232\n\361i\275\322\266", 32) = 32
3347 03:28:23 read(6, "\25h5\300d\342\302\200\256\320\266w\301!\1_\377\7\251\247}\335[_e\224\267\275V\342R\217", 32) = 32
3347 03:28:23 read(6, "\4\237\256\226\260\25501\255\374,\f\367\325\32\315\345\241\301>\363N\315\267\273\247q\314\251\4E\321", 32) = 32
3347 03:28:23 read(6, "\v\6 +\3465\33>YZ\0\346i\275\354\330\10\232sd\23\374\7\304\331\247\"y\356\373\305\250", 32) = 32
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(7" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(8" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(9" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(10" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest2
root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out
13385 05:24:41 access("/dev/random", R_OK) = 0
13385 05:24:41 access("/dev/random", R_OK) = 0
13385 05:24:41 access("/dev/urandom", R_OK) = 0
13385 05:24:41 open("/dev/random", O_RDONLY) = 5
13385 05:24:41 open("/dev/urandom", O_RDONLY) = 6
13385 05:24:41 access("/dev/random", R_OK) = 0
13385 05:24:41 access("/dev/random", R_OK) = 0
13385 05:24:41 open("/dev/random", O_RDONLY) = 7
13385 05:24:41 open("/dev/random", O_RDONLY) = 8
13385 05:24:41 access("/dev/urandom", R_OK) = 0
13385 05:24:41 access("/dev/urandom", R_OK) = 0
13385 05:24:41 open("/dev/urandom", O_RDONLY) = 9
13385 05:24:41 open("/dev/urandom", O_RDONLY) = 10
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(5" srt.out
13385 05:24:41 read(5, "\3f\221\21Z<\272\23\245q\243:H\363$!", 20) = 16
13385 05:24:41 read(5, "\241\351\22\6", 4) = 4
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(6" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(7" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(8" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(9" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(10" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# sed -i "s|source=file:/dev/random|source=file:/dev/urandom|" jre/lib/security/java.security
root@ip-10-213-153-146:~/jdk1.8.0_25# java -Djava.security.debug=provider SecureRandomTest | more
provider: NativePRNG egdUrl: file:/dev/urandom
provider: NativePRNG.MIXED seedFile: /dev/urandom nextFile: /dev/urandom
Provider: Set SUN provider property [SecureRandom.NativePRNG/sun.security.provider.NativePRNG]
Provider: Set SUN provider property [SecureRandom.SHA1PRNG/sun.security.provider.SecureRandom]
provider: NativePRNG.BLOCKING seedFile: /dev/random nextFile: /dev/random
Provider: Set SUN provider property [SecureRandom.NativePRNGBlocking/sun.security.provider.NativePRNG$Blocking]
provider: NativePRNG.NONBLOCKING seedFile: /dev/urandom nextFile: /dev/urandom
..snip..
root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest
root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out
13435 05:43:50 access("/dev/urandom", R_OK) = 0
13435 05:43:50 access("/dev/urandom", R_OK) = 0
13435 05:43:50 access("/dev/urandom", R_OK) = 0
13435 05:43:50 open("/dev/urandom", O_RDONLY) = 5
13435 05:43:50 open("/dev/urandom", O_RDONLY) = 6
13435 05:43:50 access("/dev/random", R_OK) = 0
13435 05:43:50 access("/dev/random", R_OK) = 0
13435 05:43:50 open("/dev/random", O_RDONLY) = 7
13435 05:43:50 open("/dev/random", O_RDONLY) = 8
13435 05:43:50 access("/dev/urandom", R_OK) = 0
13435 05:43:50 access("/dev/urandom", R_OK) = 0
13435 05:43:50 open("/dev/urandom", O_RDONLY) = 9
13435 05:43:50 open("/dev/urandom", O_RDONLY) = 10
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(5" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(6" srt.out
13435 05:43:50 read(6, "+\0033J\201\201{\226\302\277\356\243\314\217_\311|\257+\256", 20) = 20
13435 05:43:50 read(6, "\3\233\240\213\336i\335u\235\333p\206V\335\310v\16\376\372|4\220\247\334\v\344\\\361Z<=\260", 32) = 32
13435 05:43:50 read(6, "\2141\312L1\322\367G\272\27a\310\304{8\205\355\t8M@XQ\200\307\242y)\235H\312\272", 32) = 32
13435 05:43:50 read(6, "\345tG\206\r\36\35\313.\0\252\374\377}\2\277\353\316\312\336\246\353\307\307\366\237d\205\3\214H\341", 32) = 32
13435 05:43:50 read(6, "\230\322z<\2160\317\310\343\364\366\30+p\355s\33&\30\34\305\221QIk~\237K\273J2f", 32) = 32
13435 05:43:50 read(6, "\253\2\314\270\355h\24s\315\0059j8\31\350\33\276\244\367\316\7\333\327\257?\314\265\344(\210\32\302", 32) = 32
13435 05:43:50 read(6, "E&n\265\237\36\226\25?.\20\313\247\276\270\337\332\222\241#?\304\233\27\370\333^C\267\247c;", 32) = 32
13435 05:43:50 read(6, "s+\367\24SQ8b\274\367b\32q\315\241\36'\5\261\310A\354\317\340j'\243\310\362\361e\216", 32) = 32
13435 05:43:50 read(6, "K[\\T\264\210\30!\373\252\0\21\7\225\2631*\237\306\256x`2\240R\2266\257g+\341c", 32) = 32
13435 05:43:50 read(6, "\230\33P\242;\236\251t\303\243S\324\232!\245+\332v\270\316\303\34\216\316j\4\344\357vd\32a", 32) = 32
13435 05:43:50 read(6, "\245\274q y\311{\270\21.\3570Pv\371j\23\360\230\257\212\365\3\25w(\20;\265\34\276\367", 32) = 32
13435 05:43:50 read(6, "d\34K\220\204\251^\247Z\242c\223\2\265C\372\263\241\344\325\244\312*BBG\210\314\327\257-\266", 32) = 32
13435 05:43:50 read(6, "1\2520\202Q\320o\335v\276*\230\324O\310\252\0\214\372\273$\331\302\264)\364T\2515+\351\360", 32) = 32
13435 05:43:50 read(6, "\213L?\353\204V\277\356\0054e\313\312{?z[\307\215_\367q\254_^\243^\270\301\320\376\233", 32) = 32
13435 05:43:50 read(6, "\336\231\2347eg5\373\25\332f\322\216\350\21\354\224N\361\252\333\364{\232T\272\331g\343\245${", 32) = 32
13435 05:43:50 read(6, "T@\252\2\304\35:\326\274\0\225\25\354\327~\211\271\244\356\241\317\376\235\27LtT\374\372,\251\234", 32) = 32
13435 05:43:50 read(6, "\340\315zl\2005\342\346\374m\343\347-#V\226\2017\243\236h\321o<0*s]\310r,\347", 32) = 32
13435 05:43:50 read(6, "\27\260E\226\342W\257#3\370\224\360\311\205\2F\36\257\356>V\371V)\307\177\357\0\247\302\310\320", 32) = 32
13435 05:43:50 read(6, "0\334\277=\21~\270\256\272\312\334?]\2534clH\326J\336E\350\274\24\221\274\32\327\2706\372", 32) = 32
13435 05:43:50 read(6, "$\225\217\235<\346\332\353Y^\261\345\376\325\233j\31\r\271Vd\246\177\304\225$\344Z\204F\237\331", 32) = 32
13435 05:43:50 read(6, "\337q\224rx\257\376b\323\215\7~w'{\327\243\321t\301\246\262\375\345-\273\254s\375\337. ", 32) = 32
13435 05:43:50 read(6, "\rI\347LR\224\215\336\342\324\265\26\327\326\252N:\2705\257O\347bI\327\342G\301\r\37,n", 32) = 32
13435 05:43:50 read(6, "\361\332\251%\254\222\27_\215\nX\235\345\32\372\r?V\236k\37\\5\27`0\306\25IQ\351\7", 32) = 32
13435 05:43:50 read(6, "!\272\240\241S\215**-j\323\"$\210\335\365\f%d(\3764\276P?\355\346*\377\211\250^", 32) = 32
13435 05:43:50 read(6, "\220\37\230f\306\310\222\342\334:EJn\377L\21\242,^q~\247\215\2209\35\202\247\177\210\341\264", 32) = 32
13435 05:43:50 read(6, "\202\10\37\363*\311\350\6a:HU\257\204\36&H\330\4V.\225\3343\313\177\0\371+\266\336\234", 32) = 32
13435 05:43:50 read(6, "\275n{h\2473\212\\o\352\3\235\nD\360\7\365o\31g8\26Iv\333\305\372K\326\264\245|", 32) = 32
13435 05:43:50 read(6, "\230\261`7\372\342\202\306PP\34\300\23\210\377\351\317o\305\236\366!\25\357e\257/v\325L\235?", 32) = 32
13435 05:43:50 read(6, "\337\0\312\"\303\10T\264V(\25\336\251?\330 \263\6\3452c)$\341\220\357i\321\205\254\331\0", 32) = 32
13435 05:43:50 read(6, "\360\276h\311\353\t\347\321O?\25\263\232\307\377\305\310]Oz\373\234\233]V\367\361\33\"\223P[", 32) = 32
13435 05:43:50 read(6, "\374tv\233~\336\241\216\210YD\240T\17\207\275\334\271\250\313k\263\315\241&\30\370(\24!\4\23", 32) = 32
13435 05:43:50 read(6, "\244\310_\354\225\360E\\\244\25\247\206\37C\36\316\315d\30M\312B\334\324\1\300\211\3658\262e\214", 32) = 32
13435 05:43:50 read(6, "\0kr\330d\213x\223\3042\262\235\330\365\20\345\301\352\363\257\362\261\330B\6@\26<\201\251\311m", 32) = 32
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(7" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(8" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(9" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(10" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest2
root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out
13408 05:26:40 access("/dev/urandom", R_OK) = 0
13408 05:26:40 access("/dev/urandom", R_OK) = 0
13408 05:26:40 access("/dev/urandom", R_OK) = 0
13408 05:26:40 open("/dev/urandom", O_RDONLY) = 5
13408 05:26:40 open("/dev/urandom", O_RDONLY) = 6
13408 05:26:40 access("/dev/random", R_OK) = 0
13408 05:26:40 access("/dev/random", R_OK) = 0
13408 05:26:40 open("/dev/random", O_RDONLY) = 7
13408 05:26:40 open("/dev/random", O_RDONLY) = 8
13408 05:26:40 access("/dev/urandom", R_OK) = 0
13408 05:26:40 access("/dev/urandom", R_OK) = 0
13408 05:26:40 open("/dev/urandom", O_RDONLY) = 9
13408 05:26:40 open("/dev/urandom", O_RDONLY) = 10
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(5" srt.out
13408 05:26:40 read(5, "\333\210c\265<eu\10\223\242\231d=vG\325\17\260f\310", 20) = 20
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(6" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(10" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(9" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(7" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(8" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# sed -i "s|source=file:/dev/urandom|source=file:/dev/\./urandom|" jre/lib/security/java.security
root@ip-10-213-153-146:~/jdk1.8.0_25# grep source jre/lib/security/java.security
# Sun Provider SecureRandom seed source.
# Select the primary source of seed data for the "SHA1PRNG" and
# specified by the "securerandom.source" Security property. If an
# "securerandom.source" Security property.
securerandom.source=file:/dev/./urandom
root@ip-10-213-153-146:~/jdk1.8.0_25# java -Djava.security.debug=provider SecureRandomTest
provider: NativePRNG egdUrl: file:/dev/./urandom
provider: NativePRNG.MIXED seedFile: /dev/./urandom nextFile: /dev/urandom
Provider: Set SUN provider property [SecureRandom.SHA1PRNG/sun.security.provider.SecureRandom]
Provider: Set SUN provider property [SecureRandom.NativePRNG/sun.security.provider.NativePRNG]
provider: NativePRNG.BLOCKING seedFile: /dev/random nextFile: /dev/random
Provider: Set SUN provider property [SecureRandom.NativePRNGBlocking/sun.security.provider.NativePRNG$Blocking]
provider: NativePRNG.NONBLOCKING seedFile: /dev/urandom nextFile: /dev/urandom
root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest
root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out
12985 05:10:35 access("/dev/./urandom", R_OK) = 0
12985 05:10:35 access("/dev/./urandom", R_OK) = 0
12985 05:10:35 access("/dev/urandom", R_OK) = 0
12985 05:10:35 open("/dev/./urandom", O_RDONLY) = 5
12985 05:10:35 open("/dev/urandom", O_RDONLY) = 6
12985 05:10:35 access("/dev/random", R_OK) = 0
12985 05:10:35 access("/dev/random", R_OK) = 0
12985 05:10:35 open("/dev/random", O_RDONLY) = 7
12985 05:10:35 open("/dev/random", O_RDONLY) = 8
12985 05:10:35 access("/dev/urandom", R_OK) = 0
12985 05:10:35 access("/dev/urandom", R_OK) = 0
12985 05:10:35 open("/dev/urandom", O_RDONLY) = 9
12985 05:10:35 open("/dev/urandom", O_RDONLY) = 10
12985 05:10:35 open("/dev/./urandom", O_RDONLY) = 11
root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest2
root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out
13047 05:13:58 access("/dev/./urandom", R_OK) = 0
13047 05:13:58 access("/dev/./urandom", R_OK) = 0
13047 05:13:58 access("/dev/urandom", R_OK) = 0
13047 05:13:58 open("/dev/./urandom", O_RDONLY) = 5
13047 05:13:58 open("/dev/urandom", O_RDONLY) = 6
13047 05:13:58 access("/dev/random", R_OK) = 0
13047 05:13:58 access("/dev/random", R_OK) = 0
13047 05:13:58 open("/dev/random", O_RDONLY) = 7
13047 05:13:58 open("/dev/random", O_RDONLY) = 8
13047 05:13:58 access("/dev/urandom", R_OK) = 0
13047 05:13:58 access("/dev/urandom", R_OK) = 0
13047 05:13:58 open("/dev/urandom", O_RDONLY) = 9
13047 05:13:58 open("/dev/urandom", O_RDONLY) = 10
13047 05:13:58 open("/dev/./urandom", O_RDONLY) = 11
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(11" srt.out
13082 05:16:34 read(11, "\343}t\330-\10\262y\3142O\211\224\211I\350N@\216G", 20) = 20
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(10" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(9" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(8" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(7" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(6" srt.out
root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(5" srt.out

**** Okay, now some OpenJDK 7 behaviour ****

root@ip-10-213-153-146:~# java -version
java version "1.7.0_65"
OpenJDK Runtime Environment (IcedTea 2.5.3) (7u71-2.5.3-0ubuntu0.14.04.1)
OpenJDK 64-Bit Server VM (build 24.65-b04, mixed mode)
root@ip-10-213-153-146:~# grep source /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/java.security
# Select the source of seed data for SecureRandom. By default an
# the securerandom.source property. If an exception occurs when
securerandom.source=file:/dev/urandom
# Specifying this system property will override the securerandom.source
root@ip-10-213-153-146:~# java -Djava.security.debug=provider SecureRandomTest | more
Provider: Set SUN provider property [SecureRandom.NativePRNG/sun.security.provider.NativePRNG]
Provider: Set SUN provider property [SecureRandom.SHA1PRNG/sun.security.provider.SecureRandom]
root@ip-10-213-153-146:~# javac SecureRandomTest.java
root@ip-10-213-153-146:~# strace -f -t -o srt.out java SecureRandomTest
root@ip-10-213-153-146:~# grep random srt.out
12132 03:59:58 stat("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), ...}) = 0
12132 03:59:58 stat("/dev/urandom", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
12132 03:59:58 open("/dev/random", O_RDONLY) = 12
12132 03:59:58 open("/dev/urandom", O_RDONLY) = 13
root@ip-10-213-153-146:~# grep "read(12" srt.out
root@ip-10-213-153-146:~# grep "read(13" srt.out
12132 03:59:58 read(13, "o\246\205\332\236\222i\333ox\300\10\263\27M\332\264\327\375\312", 20) = 20
12132 03:59:58 read(13, "\243U&\24%\234\6\4\241\350v\331(q\276ZC\21dJ\26f9\177\343\2466\2\314F\235g", 32) = 32
12132 03:59:58 read(13, "\30\323\367\275#{i<\277&A\374j]^\332\274j{j\375\261\372\265\22\254\307\"\220\37?\1", 32) = 32
12132 03:59:58 read(13, "J\244\232YH\205ph\237T\321\251V?\264\v\361\273\2\273\345&\354k4!\32=_\2)\301", 32) = 32
12132 03:59:58 read(13, "D,{\223_I\255\240\351\3554Gjl\201H\3747\313IDn>\362G\231\263\273b\361\213A", 32) = 32
12132 03:59:58 read(13, "Y!G\312N\341N\363\273\242`\365u\366\4\301`X\266L\261]W\307\355]\232\355M\206\344F", 32) = 32
12132 03:59:58 read(13, "O\6.\5\r\231\20T\242\3655\351\24\262\355\305\202(\263\376)\237%`\21Ss\222\202\304^>", 32) = 32
12132 03:59:58 read(13, "X\305\3636I>v\35\257M\344`\371(\6\313\327\261\202^\2\247\244\260\261\377\305\2\310f\243u", 32) = 32
12132 03:59:58 read(13, "\353\r\311\225i\245\274\20f1]\276KYE\270U\242\360\212Z\222i]}\333\210\t\213\273PS", 32) = 32
12132 03:59:58 read(13, "pL\323\241\202\213G\332\n`\7\316\223K\305\336g\356\237G\357\242\257DAHN5D\350H_", 32) = 32
12132 03:59:58 read(13, "\274\361\203-_\260O\333 \352]\2\237\337W\32\202<D\211r%#oh\22]\211\363\25\255v", 32) = 32
12132 03:59:58 read(13, "\202{E\31\357\236\347\354i\266\333\353\"M\310=\224\216\224\246\fS\17RX\6\260m4\337D\267", 32) = 32
12132 03:59:58 read(13, "\322~@7\301\201\342z0\rq\27\22\340g\0=}\203/\321p\252A\264\321\334\21\270E3U", 32) = 32
12132 03:59:58 read(13, "uA=\355\7\210\362\204r\v\2\376=w\335}\36O\232\4a\301\24\16igfZ\233\300\350\177", 32) = 32
12132 03:59:58 read(13, "\0104\261\212\224\237&\240\322\3538\267\373J\336w\2558#\325\364\fF2g\241\341\275\230t\v\311", 32) = 32
12132 03:59:58 read(13, "\300\232\344\307\210\300\1\257@[\260\310\232RF\225\235\320\221\356Gwn\240w[R\300\325\222\n\273", 32) = 32
12132 03:59:58 read(13, "\3529\375_(Tqg\361\345\316\21\341\vy\217\341\205T\257\204\v!\244n\336\263A\202\301\f\225", 32) = 32
12132 03:59:58 read(13, "\3426\2512\271\0\\\211B\325\373|\223t\375\370%\362\32\334S\33\230\263ym\332_\2\237\245(", 32) = 32
12132 03:59:58 read(13, "\31\351\307\234\325\233w3g\271\220\f\35\227u8\325\27\305\341k\204\205\216\330\22)\2513\361a\25", 32) = 32
12132 03:59:58 read(13, "\354\260\335\350NR\206\203X\322\257\1\313\235\320\342\221R\212z\17\270[\351\313\344\211\272\325\233+`", 32) = 32
12132 03:59:58 read(13, ":\233\254\226\355\346<\0319+\214\335xN\16y\36\17\204}\3522\264\273\30c\310\325W.\363R", 32) = 32
12132 03:59:58 read(13, "d3k\261f([\355.}i\342w\317\274a\210r\21\310$?4\344\353\325U\31\366\336\367\345", 32) = 32
12132 03:59:58 read(13, "\374\"\316#,\243\203\220W\366\226\227\255g\342fc\366h@\215\273\260-\4\243\35\246\33\220\372p", 32) = 32
12132 03:59:58 read(13, "\356\213\267 0R\215s\2005\375\10\345\177A\336\322\337\353\352\315\332\355\\\27\252\4\234#\252\366i", 32) = 32
12132 03:59:58 read(13, "H\371t\341\240\3044\312\356\311\376g\206@\0\374\346\rF\207\334\22\2-mA\375\3563>9\337", 32) = 32
12132 03:59:58 read(13, "\212\33\256\335\327*\215oiE\331\341`\230\35\365\256\361J:\3564\3749\266\210\243t\34\17F4", 32) = 32
12132 03:59:58 read(13, "\23\275\32\36E)kb\214-i\20n\\\225p\366\356\370\373\300\247\211\325\254\236\334\355\246\272\17L", 32) = 32
12132 03:59:58 read(13, "\364}}\6\255*\314\355m\333\6X\234\3063\31_\270\f#\201D\313]\3757~\6\325\253\226\23", 32) = 32
12132 03:59:58 read(13, "\276o\10\253\333\354\312\211 \6\240\322(\234W\354\254c^\365L\375(]\3555@\201\324F\24\n", 32) = 32
12132 03:59:58 read(13, "\314\2273\321\246\372\337\3117\16Twl\200\241\236\275Y\233l\211\312sc\274h\37l\327\253\304\360", 32) = 32
12132 03:59:58 read(13, "\223\276u?\260\305\3\306\3536B\377\344-\237\35kf\305\334\4}\241\6\267?\353\224\232zEh", 32) = 32
12132 03:59:58 read(13, "\305\360\267\344\340\224n\357\374\332\326\322\220\243\345\321.Ae\273 \"#\2647\217\331\253\5E\240{", 32) = 32
12132 03:59:58 read(13, "F3\263\354\240\340^\317\372\37\370\2162\334W\361\21\346\362z\324\323\37\237\2\337g\334\5\317_\346", 32) = 32
root@ip-10-213-153-146:~# strace -f -t -o srt.out java SecureRandomTest2
root@ip-10-213-153-146:~# grep random srt.out
13549 06:10:50 stat("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), ...}) = 0
13549 06:10:50 stat("/dev/urandom", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
13549 06:10:50 open("/dev/random", O_RDONLY) = 12
13549 06:10:50 open("/dev/urandom", O_RDONLY <unfinished ...>
13549 06:10:50 open("/dev/random", O_RDONLY) = 14
root@ip-10-213-153-146:~# grep "read(12" srt.out
root@ip-10-213-153-146:~# grep "read(14" srt.out
13549 06:10:50 read(14, "\233'G\30\277\331w\233\326s34\f\343\213R\253", 20) = 17
13549 06:10:50 read(14, "\377\274}", 3) = 3
root@ip-10-213-153-146:~# sed -i "s|source=file:/dev/urandom|source=file:/dev/random|" /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/java.security
root@ip-10-213-153-146:~# cat /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/java.security | grep source
# Select the source of seed data for SecureRandom. By default an
# the securerandom.source property. If an exception occurs when
securerandom.source=file:/dev/random
# Specifying this system property will override the securerandom.source
root@ip-10-213-153-146:~# java -Djava.security.debug=provider SecureRandomTest
Provider: Set SUN provider property [SecureRandom.SHA1PRNG/sun.security.provider.SecureRandom]
Provider: Set SUN provider property [SecureRandom.NativePRNG/sun.security.provider.NativePRNG]
root@ip-10-213-153-146:~# strace -f -t -o srt.out java SecureRandomTest
root@ip-10-213-153-146:~# grep random srt.out
12212 04:07:13 stat("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), ...}) = 0
12212 04:07:13 stat("/dev/urandom", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
12212 04:07:13 open("/dev/random", O_RDONLY) = 12
12212 04:07:13 open("/dev/urandom", O_RDONLY) = 13
12212 04:07:13 open("/dev/random", O_RDONLY) = 14
root@ip-10-213-153-146:~# grep "read(12" srt.out
12217 04:07:13 read(12, <unfinished ...>
root@ip-10-213-153-146:~# grep "read(13" srt.out
root@ip-10-213-153-146:~# grep "read(14" srt.out
12212 04:07:13 read(14, "\212\234@Z\251|mO\4\300\360C\303\311\307\214\343\357\264\354", 20) = 20
root@ip-10-213-153-146:~# strace -f -t -o srt.out java SecureRandomTest2
root@ip-10-213-153-146:~# grep random srt.out
13285 05:21:17 stat("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), ...}) = 0
13285 05:21:17 stat("/dev/urandom", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
13285 05:21:17 open("/dev/random", O_RDONLY) = 5
13285 05:21:17 open("/dev/urandom", O_RDONLY) = 6
root@ip-10-213-153-146:~# grep "read(5" srt.out
13285 05:21:17 read(5, "*|\27\302\202I\351\331\214K'@H\10\312\177", 20) = 16
13285 05:21:17 read(5, "C\331\262\205", 4) = 4
root@ip-10-213-153-146:~# grep "read(6" srt.out
root@ip-10-213-153-146:~# sed -i "s|source=file:/dev/random|source=file:/dev/\./urandom|" /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/java.security
root@ip-10-213-153-146:~# strace -f -t -o srt.out java SecureRandomTest
root@ip-10-213-153-146:~# grep random srt.out
12939 05:06:13 stat("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), ...}) = 0
12939 05:06:13 stat("/dev/urandom", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
12939 05:06:13 open("/dev/random", O_RDONLY) = 12
12939 05:06:13 open("/dev/urandom", O_RDONLY) = 13
12939 05:06:13 open("/dev/./urandom", O_RDONLY) = 14
root@ip-10-213-153-146:~# strace -f -t -o srt.out java SecureRandomTest2
root@ip-10-213-153-146:~# grep random srt.out
13129 05:17:39 stat("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), ...}) = 0
13129 05:17:39 stat("/dev/urandom", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
13129 05:17:39 open("/dev/random", O_RDONLY) = 12
13129 05:17:39 open("/dev/urandom", O_RDONLY) = 13
13129 05:17:39 open("/dev/./urandom", O_RDONLY) = 14
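
The descriptor bookkeeping done by hand above with grep "read(N" can be automated. The Python script below is an added example, not part of the original gist: it maps each descriptor to the path it was opened with and totals the bytes read per device, keeping /dev/./urandom distinct from /dev/urandom. The sample trace is constructed, the names are hypothetical, and the openat() and close() handling goes beyond the calls visible in the gist.

```python
import posixpath
import re
from collections import defaultdict

# Constructed sample in the layout of `strace -f -t -o srt.out java ...`;
# the payload bytes are made up.
SAMPLE_TRACE = r'''
3347 03:28:23 access("/dev/random", R_OK) = 0
3347 03:28:23 open("/dev/random", O_RDONLY) = 5
3347 03:28:23 open("/dev/urandom", O_RDONLY) = 6
3347 03:28:23 open("/dev/./urandom", O_RDONLY) = 11
3347 03:28:23 read(6, "\1\2\3", 32) = 32
3347 03:28:23 read(6, "\4\5\6", 32) = 32
3347 03:28:24 read(5, "\7\10", 20) = 16
3347 03:28:24 read(5, "\11", 4) = 4
3351 03:28:24 read(5,  <unfinished ...>
3347 03:28:24 read(11, "\12\13", 20) = 20
3351 03:28:29 <... read resumed> "\14\15", 20) = 20
3347 03:28:29 read(3, "not a random device", 19) = 19
'''

LINE = re.compile(r'^(\d+)\s+\d\d:\d\d:\d\d\s+(.*)$')
OPEN = re.compile(r'^open(?:at)?\((?:AT_FDCWD, )?"([^"]+)"[^)]*\)\s+=\s+(\d+)')
READ = re.compile(r'^read\((\d+), .*, (\d+)\)\s+=\s+(\d+)$')
READ_UNFINISHED = re.compile(r'^read\((\d+),\s+<unfinished \.\.\.>')
READ_RESUMED = re.compile(r'^<\.\.\. read resumed>.*, (\d+)\)\s+=\s+(\d+)$')
CLOSE = re.compile(r'^close\((\d+)\)\s+=\s+0')


def is_random_device(path):
    # "/dev/./urandom" is the same device, but it is reported under the
    # literal path because the JDK treats that spelling differently.
    return posixpath.normpath(path) in ("/dev/random", "/dev/urandom")


def random_device_reads(trace_text):
    """Return {path_as_opened: {reads, bytes, short, unfinished}}."""
    fd_path = {}   # fd -> path; assumes one JVM, whose threads share the fd table
    pending = {}   # strace tid -> fd of a read logged as <unfinished ...>
    stats = defaultdict(
        lambda: {"reads": 0, "bytes": 0, "short": 0, "unfinished": 0})

    def credit(fd, requested, returned):
        path = fd_path.get(fd)
        if path is None:
            return                      # fd is not a random device
        s = stats[path]
        s["reads"] += 1
        s["bytes"] += returned
        # Fewer bytes than requested, like the gist's read(5, ..., 20) = 16
        s["short"] += int(returned < requested)

    for raw in trace_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        tid, call = m.group(1), m.group(2)
        if (o := OPEN.match(call)):
            if is_random_device(o.group(1)):
                fd_path[int(o.group(2))] = o.group(1)
        elif (r := READ.match(call)):
            credit(int(r.group(1)), int(r.group(2)), int(r.group(3)))
        elif (u := READ_UNFINISHED.match(call)):
            fd = int(u.group(1))
            pending[tid] = fd
            # The call had not returned when another thread's syscall was
            # logged: a hint that the read was waiting on the device.
            if fd in fd_path:
                stats[fd_path[fd]]["unfinished"] += 1
        elif (d := READ_RESUMED.match(call)):
            fd = pending.pop(tid, None)
            if fd is not None:
                credit(fd, int(d.group(1)), int(d.group(2)))
        elif (c := CLOSE.match(call)):
            fd_path.pop(int(c.group(1)), None)   # fd numbers get reused
    return dict(stats)


if __name__ == "__main__":
    for path, s in sorted(random_device_reads(SAMPLE_TRACE).items()):
        print(f"{path:16} reads={s['reads']:3} bytes={s['bytes']:5} "
              f"short={s['short']} unfinished={s['unfinished']}")
```

Pass it the full srt.out text rather than the grep-filtered view, since the "read resumed" lines do not contain the device name or the descriptor number.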