How to deal with a slow SecureRandom generator?


Problem description

If you want cryptographically strong random numbers in Java, you use SecureRandom. Unfortunately, SecureRandom can be very slow. If it uses /dev/random on Linux, it can block waiting for sufficient entropy to build up. How do you avoid the performance penalty?

Has anyone used Uncommon Maths as a solution to this problem?

Can anybody confirm that this performance problem has been solved in JDK 6?

Recommended answer

If you want true random data, then unfortunately you have to wait for it. This includes the seed for a SecureRandom PRNG. Uncommon Maths can't gather true random data any faster than SecureRandom, although it can connect to the internet to download seed data from a particular website. My guess is that this is unlikely to be faster than /dev/random where that's available.

If you want a PRNG, do something like this:

SecureRandom.getInstance("SHA1PRNG");

What strings are supported depends on the SecureRandom SPI provider, but you can enumerate them using Security.getProviders() and Provider.getService().

Sun is fond of SHA1PRNG, so it's widely available. It isn't especially fast as PRNGs go, but PRNGs will just be crunching numbers, not blocking for physical measurement of entropy.

The exception is that if you don't call setSeed() before getting data, then the PRNG will seed itself once the first time you call next() or nextBytes(). It will usually do this using a fairly small amount of true random data from the system. This call may block, but will make your source of random numbers far more secure than any variant of "hash the current time together with the PID, add 27, and hope for the best". If all you need is random numbers for a game, though, or if you want the stream to be repeatable in future using the same seed for testing purposes, an insecure seed is still useful.
