-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chuck,
Caldarale, Charles R wrote: >> From: Christopher Schultz [mailto:[EMAIL PROTECTED] >> Subject: Re: Tomcat 5.0.28 and /dev/urandom >> >> Yeah, if you are using Linux, the /dev/urandom device >> sometimes stalls. > > Actually, /dev/urandom is defined never to block, but the JRE doesn't > use it. Oh, hey, you're right: reading the man page is always helpful ;) However, I'm using JDK 1.5.0_08, and my configuration appears to use it: securerandom.source=file:/dev/urandom > If either file:/dev/random or file:/dev/urandom is configured > as the securerandom.source in java.security, the URLSeedGenerator class > (inside sun/security/provider/SeedGenerator.java) uses /dev/random, > which can block. Your statement is contrary to the documentation within the java.security file (which may be wrong for all I know): # # Select the source of seed data for SecureRandom. By default an # attempt is made to use the entropy gathering device specified by # the securerandom.source property. If an exception occurs when # accessing the URL then the traditional system/thread activity # algorithm is used. # # On Solaris and Linux systems, if file:/dev/urandom is specified and it # exists, a special SecureRandom implementation is activated by default. # This "NativePRNG" reads random bytes directly from /dev/urandom. # # On Windows systems, the URLs file:/dev/random and file:/dev/urandom # enables use of the Microsoft CryptoAPI seed functionality. # securerandom.source=file:/dev/urandom I'm troubled by the statement "a special SecureRandom implementation is activated by default", which doesn't say anything about that implementation (like, whether it actually respects the /dev/urandom preference). Chuck, can you point us to any official documentation that describes this behavior? Or, are you looking at the source code or something like that? Thanks, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFYd4f9CaO5/Lv0PARAn4VAKCC2/h38QzodYfrh2rwfbDeIAcaaACfW6Kl 0zlZmWh4A9IDWMBApTxnct8= =HzA8 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
