Initializing Secure Random (Reprise)

Peter Levart peter.levart at
Tue Nov 25 23:15:11 UTC 2014

On 11/24/2014 09:46 PM, roger riggs wrote:
> Hi,
> This topic has languished for a bit and could use a bit of expertise from
> Windows developers.
> The improvements in entropy for initializing Secure Random in JDK 8 have
> some negative attributes that affect maintainability, robustness and 
> performance[1].
> The dependency on networking, can in some OS's and configurations lead
> to increased startup times and issues with bootstrapping the Java 
> runtime.
> Martin has proposed[2] an alternative for Linux based on /dev/urandom
> with a fallback to a simpler algorithm if /dev/urandom is not available.
> Since /dev/urandom is not native to Windows, it seems prudent to identify
> a corresponding source of entropy data.
> What are the recommended ways on Windows to get seeds for random?
> Please suggest one or more ways to initialize SecureRandom

Hi Roger,

Do you mean SecureRandom or ThreadLocalRandom/SplittbleRandom, since the 
8060435 talks about the later two ?

As Bernd identified, the Windows equivalent to /dev/urandom is MSCAPI.

5 months ago I made an attempt to expose a part of contained internal 
java security API to get access to /dev/urandom based and MSCAPI based 
seed generators. Here's the thread with the discussion:

The minimal patch was the following:

Regards, Peter

> Thanks, Roger
> p.s. Sorry to be covering old ground but I don't have all the context.
> [1] 8060435  SecureRandom initialization latency on Windows
> [2] 

More information about the core-libs-dev mailing list