-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71998/
-----------------------------------------------------------
Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay
Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin Galave, Ramesh Mani,
Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-2700
https://issues.apache.org/jira/browse/RANGER-2700
Repository: ranger
Description
-------
In Ranger-2.0.0, the request that creating new service often stuck on
generateBase64EncodedIV() in PasswordUtils.java. It uses
SecureRandom.getInstanceStrong() to get the random string. We can find a lot of
information showing that this function often blocks and is very slow.
SecureRandom.getInstanceStrong() uses /dev/random, and /dev/random blocks the
thread if there isn't enough randomness available, but /dev/urandom will never
block.
SecureRandom.getInstanceStrong() is equivalent to
SecureRandom.getInstance("NativePRNGBlocking"), so we can use /dev/urandom by
replacing SecureRandom.getInstanceStrong().nextBytes(iv) with
SecureRandom.getInstance("NativePRNGNonBlocking").nextBytes(iv) which will not
be blocked, or we can use new SecureRandom().nextBytes(iv). /dev/random and
/dev/urandom use the same pool of randomness under the hood, and they are
equally secure.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java
c08f55d6e
Diff: https://reviews.apache.org/r/71998/diff/1/
Testing
-------
Thanks,
Jiayi Liu
