java慢:熵相关问题 [英] java slow : entropy related issue
问题描述
我遇到的问题是,当使用SSL时,java很慢。解决方案是在命令行中将
-Djava.security.egd = file:/ dev /./ urandom
添加到java。由于我有多个JVM,我不想修改每个JVM以包含此字符串,因此希望将其添加到文件
$ JAVA_HOME / jre / lib / security / java.security
现在,java.security文件已经包含
securerandom.source = file:/ dev / urandom
关于此的两个问题:
- 为什么以及如何/ dev / urandom不同于/dev/./urandom。为什么java不接受/ dev / urandom
- 对于我运行的JVM,如何判断他们是否使用了正确的urandmon设备(vs random)
这实际上是在1.3或1.4天内引入JVM的黑客
http://bugs.sun.com/view_bug.do ?bug_id = 4705093
http://bugs.sun.com/view_bug.do?bug_id=6202721
基本问题是在本机JVM代码中他们硬编码 / dev / urandom
实际使用 / dev / random
来尝试确保足够的熵。由于 / dev / urandom
应该保证不会阻止,如果没有足够的熵,这会产生阻塞的意外后果。
硬编码专门针对字符串 / dev / urandom
进行查找,因此提供解析为相同但不匹配的内容会导致所需的行为。如果您编码 / dev /./ urandom
,则绕过硬编码别名并转到预期的 urandom
熵源。 / p>
I am running into an issue where java is slow when used over SSL. The solution is to add
-Djava.security.egd=file:/dev/./urandom
to java at the command line. Since I have multiple JVM's, I dont want to modify every single JVM to contain this string and hence would like to add it to the file
$JAVA_HOME/jre/lib/security/java.security
Now, the java.security file already contains
securerandom.source=file:/dev/urandom
Two questions on this :
- Why and how is "/dev/urandom" different from "/dev/./urandom". Why doesnt java accept "/dev/urandom"
- For the JVM's that I have running, how can I tell whether they are using the correct urandmon device (vs random)
This is actually a hack introduced into the JVM back in 1.3 or 1.4 days
http://bugs.sun.com/view_bug.do?bug_id=4705093
http://bugs.sun.com/view_bug.do?bug_id=6202721
The basic issue is that in the native JVM code they hardcoded /dev/urandom
to actually use /dev/random
to attempt to ensure sufficient entropy. Since /dev/urandom
is supposed to be guaranteed not to block, this has the unintended consequence of blocking if not enough entropy is available.
The hardcoding looks specifically for the string /dev/urandom
, so providing something that resolves to the same thing but doesn't match that causes the desired behavior. If you code /dev/./urandom
you bypass the hardcoded aliasing and get to the intended urandom
entropy source.
这篇关于java慢:熵相关问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!