Seeding Java Authorization and Authentication using /dev/urandom

We had a strange issue during Oracle WebLogic development yesterday. Setting up a secure connection between a client and the WebLogic Admin server took really long on our shiny new hardware (Dell R710) compared to the older servers (Dell 2950). After we made sure everything was exactly the same, people started to blame C1 and C1E states and other powersave or CPU throttling measures. However, given the difference in setup times (2-6 sec vs 50-90 sec), I suspected it to be something else. Throttling down from 2.23 GHz to 1.6 GHz cannot cause such a great difference. Or at least it would be unlikely.

Lo and behold, it turned out to be related to the seeding of the random number generator in Java. Normally this is linked to /dev/random but can be sped up by using /dev/urandom, which uses some entropy of your system. Even so, the urandom device, while faster, still caused a 20-fold difference.

As a workaround, you can tell your JVM which seed generator to use and prevent the JVM from waiting or looking or whatever it does. See also the JAAS Reference Guide for more information.

If you call your JVM with the command line switch
-Djava.security.egd=file:/dev/./urandom
it will go much speedier! And yes, there is a dot "." inside that path, in order to work around another bug. :)
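
To check that the switch took effect and to measure the seeding delay on a given host, a small timing program helps. This is an added example, not code from the original post; the class name SeedTiming is made up, and it assumes Java 8 or later.

```java
import java.security.SecureRandom;
import java.security.Security;

// Added diagnostic (not from the original post): prints the configured seed
// source and times SecureRandom seeding. Run it twice and compare:
//   java SeedTiming
//   java -Djava.security.egd=file:/dev/./urandom SeedTiming
public class SeedTiming {

    // Elapsed wall-clock milliseconds since the given System.nanoTime() value.
    static long msSince(long startNanos) {
        return (System.nanoTime() - startNanos) / 1_000_000;
    }

    public static void main(String[] args) {
        // Value of the command line switch, or null if it was not given.
        System.out.println("java.security.egd   = "
                + System.getProperty("java.security.egd"));
        // Default seed source from the JRE's java.security file.
        System.out.println("securerandom.source = "
                + Security.getProperty("securerandom.source"));

        // Construction plus the first nextBytes() covers the initial seeding
        // of the generator, which is where a slow seed source shows up.
        long t0 = System.nanoTime();
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(new byte[32]);
        long initialMs = msSince(t0);

        // generateSeed() requests fresh seed material from the seed source.
        long t1 = System.nanoTime();
        rng.generateSeed(32);
        long seedMs = msSince(t1);

        // Later calls reuse the already seeded state and should be fast.
        long t2 = System.nanoTime();
        rng.nextBytes(new byte[32]);
        long laterMs = msSince(t2);

        System.out.println("algorithm/provider  = " + rng.getAlgorithm()
                + " / " + rng.getProvider().getName());
        System.out.println("initial seeding     : " + initialMs + " ms");
        System.out.println("generateSeed(32)    : " + seedMs + " ms");
        System.out.println("later nextBytes(32) : " + laterMs + " ms");
    }
}
```

If the first two timings are large on the slow server and small once the switch is set, the seed source is the cause of the delay.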
