[ https://issues.apache.org/jira/browse/HADOOP-10734?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14050526#comment-14050526 ]
Andrew Purtell commented on HADOOP-10734: ----------------------------------------- bq. When using Linux, why not just read from /dev/urandom? That will also use the RdRand feature when available. I think this can be done with the default SecureRandom implementation, with -Djava.security.egd=file:/dev/./urandom . However there is file IO involved, it may still be faster to invoke the rdrand instruction directly. Docs suggest a direct throughput of ~6Gbps. > Implementation of true secure random with high performance using hardware > random number generator. > -------------------------------------------------------------------------------------------------- > > Key: HADOOP-10734 > URL: https://issues.apache.org/jira/browse/HADOOP-10734 > Project: Hadoop Common > Issue Type: Sub-task > Components: security > Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134) > Reporter: Yi Liu > Assignee: Yi Liu > Fix For: fs-encryption (HADOOP-10150 and HDFS-6134) > > Attachments: HADOOP-10734.patch > > > This JIRA is to implement Secure random using JNI to OpenSSL, and > implementation should be thread-safe. > Utilize RdRand to return random numbers from hardware random number > generator. It's TRNG(True Random Number generators) having much higher > performance than {{java.security.SecureRandom}}. > https://wiki.openssl.org/index.php/Random_Numbers > http://en.wikipedia.org/wiki/RdRand > https://software.intel.com/en-us/articles/performance-impact-of-intel-secure-key-on-openssl -- This message was sent by Atlassian JIRA (v6.2#6252)