Initializing Secure Random (Reprise)
peter.levart at gmail.com
Tue Nov 25 23:15:11 UTC 2014
On 11/24/2014 09:46 PM, roger riggs wrote:
> This topic has languished for a bit and could use a bit of expertise from
> Windows developers.
> The improvements in entropy for initializing Secure Random in JDK 8 have
> some negative attributes that affect maintainability, robustness and
> The dependency on networking, can in some OS's and configurations lead
> to increased startup times and issues with bootstrapping the Java
> Martin has proposed an alternative for Linux based on /dev/urandom
> with a fallback to a simpler algorithm if /dev/urandom is not available.
> Since /dev/urandom is not native to Windows, it seems prudent to identify
> a corresponding source of entropy data.
> What are the recommended ways on Windows to get seeds for random?
> Please suggest one or more ways to initialize SecureRandom
Do you mean SecureRandom or ThreadLocalRandom/SplittableRandom, since the
8060435 talks about the latter two?
As Bernd identified, the Windows equivalent to /dev/urandom is MSCAPI.
5 months ago I made an attempt to expose a part of contained internal
java security API to get access to /dev/urandom based and MSCAPI based
seed generators. Here's the thread with the discussion:
The minimal patch was the following:
> Thanks, Roger
> p.s. Sorry to be covering old ground but I don't have all the context.
>  8060435 SecureRandom initialization latency on Windows
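
The seeding order discussed in this thread (/dev/urandom first, MSCAPI on Windows, a simpler algorithm last), as an added example that is not code from the thread or from the patch it mentions. The class name `SeedSource`, the method names and the time-based fallback mixer are assumptions; `Windows-PRNG` is the SecureRandom algorithm name exposed by the SunMSCAPI provider.

```java
import java.io.DataInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

public class SeedSource {                       // hypothetical class name
    /** Returns a 64-bit seed without any dependency on networking. */
    static long initialSeed() {
        // 1. Unix-like systems: read 8 bytes from the non-blocking kernel pool.
        try (DataInputStream in = new DataInputStream(
                Files.newInputStream(Paths.get("/dev/urandom")))) {
            return in.readLong();
        } catch (IOException | SecurityException e) {
            // Device missing (e.g. Windows) or access denied: try the next source.
        }
        // 2. Windows: SunMSCAPI's "Windows-PRNG" draws from the OS generator.
        try {
            byte[] b = SecureRandom.getInstance("Windows-PRNG").generateSeed(8);
            long s = 0;
            for (byte x : b) {
                s = (s << 8) | (x & 0xffL);     // pack big-endian into a long
            }
            return s;
        } catch (NoSuchAlgorithmException e) {
            // Provider not present on this platform or runtime.
        }
        // 3. Last resort (assumed stand-in for the "simpler algorithm"):
        //    mixed clock values. Low entropy, so acceptable only for
        //    non-cryptographic generators such as SplittableRandom.
        return mix64(System.currentTimeMillis()) ^ mix64(System.nanoTime());
    }

    /** MurmurHash3 64-bit finalizer, used here to spread the clock bits. */
    static long mix64(long z) {
        z = (z ^ (z >>> 33)) * 0xff51afd7ed558ccdL;
        z = (z ^ (z >>> 33)) * 0xc4ceb9fe1a85ec53L;
        return z ^ (z >>> 33);
    }

    public static void main(String[] args) {
        System.out.printf("seed = %016x%n", initialSeed());
    }
}
```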
More information about the core-libs-dev