[
https://issues.apache.org/jira/browse/HDFS-1835?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13106993#comment-13106993
]
John Carrino commented on HDFS-1835:
------------------------------------
If you just 'cat /dev/urandom > /dev/null' it will eat entropy. urandom
prefers entropy, but doesn't require it. Even if you are using urandom, you
can push the entropy low enough that if someone then uses /dev/random, it may
block.
> DataNode.setNewStorageID pulls entropy from /dev/random
> -------------------------------------------------------
>
> Key: HDFS-1835
> URL: https://issues.apache.org/jira/browse/HDFS-1835
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: data-node
> Affects Versions: 0.20.2
> Reporter: John Carrino
> Assignee: John Carrino
> Fix For: 0.23.0
>
> Attachments: DataNode.patch, hdfs-1835.txt
>
> Original Estimate: 10m
> Remaining Estimate: 10m
>
> DataNode.setNewStorageID uses SecureRandom.getInstance("SHA1PRNG") which
> always pulls fresh entropy.
> It wouldn't be so bad if this were only the 120 bits needed by sha1, but the
> default impl of SecureRandom actually uses a BufferedInputStream around
> /dev/random and pulls 1024 bits of entropy for this one call.
> If you are on a system without much entropy coming in, this call can block
> and block others.
> Can we just change this to use "new
> SecureRandom().nextInt(Integer.MAX_VALUE)" instead?
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
