----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71998/ -----------------------------------------------------------
Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin Galave, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2700 https://issues.apache.org/jira/browse/RANGER-2700 Repository: ranger Description ------- In Ranger-2.0.0, the request that creating new service often stuck on generateBase64EncodedIV() in PasswordUtils.java. It uses SecureRandom.getInstanceStrong() to get the random string. We can find a lot of information showing that this function often blocks and is very slow. SecureRandom.getInstanceStrong() uses /dev/random, and /dev/random blocks the thread if there isn't enough randomness available, but /dev/urandom will never block. SecureRandom.getInstanceStrong() is equivalent to SecureRandom.getInstance("NativePRNGBlocking"), so we can use /dev/urandom by replacing SecureRandom.getInstanceStrong().nextBytes(iv) with SecureRandom.getInstance("NativePRNGNonBlocking").nextBytes(iv) which will not be blocked, or we can use new SecureRandom().nextBytes(iv). /dev/random and /dev/urandom use the same pool of randomness under the hood, and they are equally secure. Diffs ----- agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java c08f55d6e Diff: https://reviews.apache.org/r/71998/diff/1/ Testing ------- Thanks, Jiayi Liu