tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: SecureRandom instance for session ID generation using [SHA1PRNG] took [510,962] milliseconds !
Date Fri, 03 Oct 2014 12:01:08 GMT

Martin,

On 10/3/14 5:48 AM, Martin Hamant wrote:
> On 03/10/2014 11:26, Martin Hamant wrote:
>> 
>> 
>> The virtual (qemu) server runs with 4GB RAM
> 
> Sorry, the hypervisor is KVM. The VM is running on top of
> OpenStack. So... This could lead somewhere as I am reading
> http://blog.dustinkirkland.com/2012/10/entropy-or-lack-thereof-in-openstack.html

OpenStack or not, running on a VM usually means that the underlying OS
is providing the source of entropy. If your physical machine is
heavily virtualized, you may have multiple entropy sinks constantly
draining your source(s) of entropy.

If you wait for a while, things will recover. If you find you are
constantly blocking waiting for more randomness to be available from
your random source, you basically have 3 options:

1. Suffer through it. Just keep waiting.

2. Use a poor source of randomness, like /dev/urandom on Linux.
   I wouldn't recommend this for any kind of production deployment,
   since the entropy source is "watered-down". You can't rely on it
   for important things like encryption (including SSL) and really
   anything that requires random numbers that are as random as
   possible (like session ids).

3. Get yourself a hardware entropy source. You can buy USB keys that
   do this kind of thing. Make sure whatever you get is compatible
   with your OS and accessible by Java (better yet, get one that will
   simply dump its randomness into /dev/random).

Hope that helps,
-chris
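
To check whether a host is in the state discussed in this thread, the following added example (not part of the original message and not Tomcat's own code) times the first use of a `SHA1PRNG` `SecureRandom` and prints the Linux kernel's entropy estimate before and after. The class name `SeedTimer` and the 100 ms threshold are this example's own choices, and the `/proc` path exists only on Linux.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.SecureRandom;
import java.security.Security;

/** Added diagnostic (hypothetical class name): times SHA1PRNG self-seeding. */
public class SeedTimer {
    // Linux-only kernel counter; reported as "n/a" elsewhere.
    static final Path ENTROPY_AVAIL =
            Paths.get("/proc/sys/kernel/random/entropy_avail");
    // Example threshold chosen for this sketch, in milliseconds.
    static final long SLOW_MS = 100;

    static String entropyAvail() {
        try {
            byte[] raw = Files.readAllBytes(ENTROPY_AVAIL);
            return new String(raw, StandardCharsets.US_ASCII).trim();
        } catch (Exception e) {
            return "n/a";
        }
    }

    /** Creates the generator and forces seeding; returns elapsed ms. */
    static long timeSeeding(String algorithm) throws Exception {
        long start = System.nanoTime();
        SecureRandom sr = SecureRandom.getInstance(algorithm);
        sr.nextBytes(new byte[16]); // first output triggers self-seeding
        return (System.nanoTime() - start) / 1_000_000L;
    }

    public static void main(String[] args) throws Exception {
        // Show which seed source this JVM is configured to read from.
        System.out.println("java.security.egd   = "
                + System.getProperty("java.security.egd"));
        System.out.println("securerandom.source = "
                + Security.getProperty("securerandom.source"));
        System.out.println("entropy_avail before: " + entropyAvail());

        long ms = timeSeeding("SHA1PRNG");

        System.out.println("entropy_avail after:  " + entropyAvail());
        System.out.println("SHA1PRNG seeding took " + ms + " ms"
                + (ms > SLOW_MS ? " (slow: seed source likely blocked)" : ""));
    }
}
```

Run it on the affected VM with the same JVM and the same options Tomcat is started with, so the seed source it reports is the one Tomcat actually uses.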