syncope-dev mailing list archives

From Francesco Chicchiriccò <ilgro...@apache.org>
Subject Re: [PROPOSAL] Replace SecureRandom with ThreadLocalRandom
Date Wed, 07 Feb 2018 12:12:08 GMT
On 07/02/2018 13:02, Colm O hEigeartaigh wrote:
> Hi Francesco,
>
> The feedback I have got is that the algorithm used in ThreadLocalRandom is
> not secure enough to be considered a SecureRandom. So I think it's probably
> not OK to switch if we are using it to generate tokens unfortunately.

I see... what about wrapping SecureRandom in ThreadLocal instead, e.g. 
replacing

  private static final SecureRandom RANDOM = new SecureRandom();

with

     private static final ThreadLocal<SecureRandom> RANDOM = new ThreadLocal<SecureRandom>() {

         @Override
         protected SecureRandom initialValue() {
             return new SecureRandom();
         }
     };

in

https://github.com/apache/syncope/blob/2_0_X/common/lib/src/main/java/org/apache/syncope/common/lib/SecureTextRandomProvider.java

?

Also, we'll need to add to the reference guide the hint to set

-Djava.security.egd=file:/dev/./urandom

for Tomcat and other Java EE containers on Linux

WDYT?

> On Mon, Feb 5, 2018 at 12:25 PM, Colm O hEigeartaigh <coheigea@apache.org>
> wrote:
>
>> No, my query got passed on to someone else, still waiting to hear back....
>>
>> Colm.
>>
>> On Mon, Feb 5, 2018 at 7:44 AM, Francesco Chicchiriccò <
>> ilgrosso@apache.org> wrote:
>>
>>> Hi,
>>> thanks for the feedback got so far.
>>>
>>> I know from IRC that Colm has been exploring the security feasibility
>>> with some of his contacts:  any results so far?
>>>
>>> Regards.
>>>
>>>
>>> On 30/01/2018 08:24, Francesco Chicchiriccò wrote:
>>>
>>>> Hi there,
>>>> any feedback on this?
>>>> If no one sees issues with that I'll proceed as indicated.
>>>>
>>>> Regards.
>>>>
>>>> On 24/01/2018 17:54, Francesco Chicchiriccò wrote:
>>>>
>>>>> Hi all (and Colm in particular, as this should be in your chords),
>>>>> we are currently basing all operations requiring random generation
>>>>> (mainly tokens used during double opt-in and password reset, and password
>>>>> values for specific cases) on SecureRandom [1].
>>>>>
>>>>> SecureRandom has, however, some performance issues which were solved,
>>>>> starting with Java 7, by ThreadLocalRandom [2]; with Java 8 an improvement
>>>>> was made [3] to retain security by setting the system property
>>>>> 'java.util.secureRandomSeed' to true.
>>>>>
>>>>> Shall we:
>>>>>
>>>>> 1. suggest to set
>>>>>
>>>>> -Djava.security.egd=file:/dev/./urandom
>>>>>
>>>>> for Tomcat and other Java EE containers on Linux, and
>>>>>
>>>>> 2. suggest to set
>>>>>
>>>>> -Djava.util.secureRandomSeed=true
>>>>>
>>>>> for Tomcat and other Java EE containers, and
>>>>>
>>>>> 3. replace SecureRandom with ThreadLocalRandom in [1]
>>>>>
>>>>> ?
>>>>>
>>>>> Regards.
>>>>>
>>>>> [1] https://github.com/apache/syncope/blob/2_0_X/common/lib/src/main/java/org/apache/syncope/common/lib/SecureTextRandomProvider.java#L29
>>>>> [2] https://docs.oracle.com/javase/7/docs/api/java/util/concurrent/ThreadLocalRandom.html
>>>>> [3] https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ThreadLocalRandom.html

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
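
The ThreadLocal<SecureRandom> idea from the message above, as an added example that is not part of the original thread or of Syncope's code. The class name, the token() helper and the alphabet are assumptions for illustration, and Java 8's ThreadLocal.withInitial stands in for the anonymous subclass.

```java
import java.security.SecureRandom;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

// Hypothetical demo class (assumption, not Syncope code).
public class PerThreadSecureRandomDemo {

    private static final char[] ALPHABET =
            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".toCharArray();

    // One SecureRandom per thread: output still comes from a CSPRNG,
    // but threads no longer queue up on a single shared instance.
    private static final ThreadLocal<SecureRandom> RANDOM =
            ThreadLocal.withInitial(SecureRandom::new);

    // Hypothetical helper: alphanumeric token of the requested length.
    static String token(final int length) {
        SecureRandom random = RANDOM.get();
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            // nextInt(bound) avoids the modulo bias of nextInt() % bound
            sb.append(ALPHABET[random.nextInt(ALPHABET.length)]);
        }
        return sb.toString();
    }

    public static void main(final String[] args) throws InterruptedException {
        final int threads = 4;
        final int perThread = 1000;
        Set<String> tokens = ConcurrentHashMap.newKeySet();
        // SecureRandom does not override equals(), so this set counts instances.
        Set<SecureRandom> instances = ConcurrentHashMap.newKeySet();
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        for (int t = 0; t < threads; t++) {
            pool.execute(() -> {
                instances.add(RANDOM.get());
                for (int i = 0; i < perThread; i++) {
                    tokens.add(token(32));
                }
            });
        }
        pool.shutdown();
        pool.awaitTermination(30, TimeUnit.SECONDS);
        System.out.println("SecureRandom instances: " + instances.size());
        System.out.println("distinct tokens: " + tokens.size() + " of " + threads * perThread);
    }
}
```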

