How to solve slow Java `SecureRandom`?


Question

If you want a cryptographically strong random number in Java, you use SecureRandom. Unfortunately, SecureRandom can be very slow. If it uses /dev/random on Linux, it can block waiting for sufficient entropy to build up. How do you avoid the performance penalty?

Has anyone used Uncommon Maths as a solution to this problem?

Can anybody confirm that this performance problem has been solved in JDK 6?

Recommended answer

If you want true random data, then unfortunately you have to wait for it. This includes the seed for a SecureRandom PRNG. Uncommon Maths can't gather true random data any faster than SecureRandom, although it can connect to the internet to download seed data from a particular website. My guess is that this is unlikely to be faster than /dev/random where that's available.

If you want a PRNG, do something like this:

SecureRandom.getInstance("SHA1PRNG");

What strings are supported depends on the SecureRandom SPI provider, but you can enumerate them using Security.getProviders() and Provider.getService().

Sun is fond of SHA1PRNG, so it's widely available. It isn't especially fast as PRNGs go, but PRNGs will just be crunching numbers, not blocking for physical measurement of entropy.

The exception is that if you don't call setSeed() before getting data, then the PRNG will seed itself once the first time you call next() or nextBytes(). It will usually do this using a fairly small amount of true random data from the system. This call may block, but will make your source of random numbers far more secure than any variant of "hash the current time together with the PID, add 27, and hope for the best". If all you need is random numbers for a game, though, or if you want the stream to be repeatable in future using the same seed for testing purposes, an insecure seed is still useful.
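
The calls named in the answer, as an added Java example that is not part of the original answer: it lists the `SecureRandom` algorithm strings the installed providers register, times the self-seeding first draw against a later one, and shows a fixed seed set before first use. The class name, helper names and seed string are constructed for illustration, and the repeatability of a pre-seeded SHA1PRNG is assumed to be the behaviour of the JDK's SUN provider; other providers may differ.

```java
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;

public class SecureRandomSurvey {  // hypothetical class name
    // Print every SecureRandom algorithm string the installed providers register.
    static void listAlgorithms() {
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("SecureRandom".equals(s.getType())) {
                    System.out.println(p.getName() + ": " + s.getAlgorithm());
                }
            }
        }
    }

    // Draw n bytes and report how long the call took, in microseconds.
    static byte[] timedDraw(String label, SecureRandom r, int n) {
        byte[] out = new byte[n];
        long t0 = System.nanoTime();
        r.nextBytes(out);
        System.out.println(label + ": " + (System.nanoTime() - t0) / 1000 + " us");
        return out;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        listAlgorithms();

        // No setSeed() call: the first nextBytes() seeds the PRNG from the system
        // (this is the call that may block); later calls only run the PRNG.
        SecureRandom selfSeeded = SecureRandom.getInstance("SHA1PRNG");
        timedDraw("first draw (includes self-seeding)", selfSeeded, 32);
        timedDraw("second draw (PRNG only)", selfSeeded, 32);

        // setSeed() before any output: assumed (SUN provider) to replace self-seeding,
        // so two instances given the same seed emit the same stream. Tests only.
        byte[] seed = "constructed-test-seed".getBytes(StandardCharsets.UTF_8);
        SecureRandom a = SecureRandom.getInstance("SHA1PRNG");
        SecureRandom b = SecureRandom.getInstance("SHA1PRNG");
        a.setSeed(seed);
        b.setSeed(seed);
        System.out.println("same seed, same stream: "
                + Arrays.equals(timedDraw("a", a, 16), timedDraw("b", b, 16)));
    }
}
```

A fixed seed like the one in the last step belongs only in tests or games; keys, tokens and nonces should come from the self-seeded instance.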
