The JCK test api/java_security/SecureRandom/SecureRandomTests.html#misc
can hang on Linux platforms if there is no other activity on the system.
This bug appears to have been in the system for several releases.
This is caused by code in the NativePRNG.java file accessing /dev/random and blocking.
I believe these suspect code is this method.
private byte implGenerateSeed(int numBytes)
On some Linux systems we get an initial stream of bytes from /dev/random that can
satisfy the Seed requirement but others return nothing unless there is additional system
Although the JRE is supposed to support selecting /dev/urandom in the java.security properties file, this code appears to ignore this selection. To attempt to work around this problem we have attempted to set the command line property:
and make sure that the java.security file contains this setting:
This still causes hangs on several Linux boxes tested. The test can be made to pass if there is consistent mouse or keyboard activity. This is obviously not an acceptable workaround.
If the user has selected a less secure random number source (/dev/urandom), our
SecureRandom implementation should honor that and not hang.
In addition to the JCK hangs, this problem could manifest itself with unacceptable performance degredation in customer applications that would be very difficult to diagnose.
Add clarifications into SecureRandom spec.
Will also add details on Sun JDK implementations into the security guide.
set securerandom.source to file:/dev/./urandom as described in http://monaco.sfbay/detail.jsf?cr=6202721
Hanging at generateSeed is not a bug, since that's what was designed:
When the entropy pool is empty, reads from /dev/random will block until
additional environmental noise is gathered.
(Source: Linux Programmer's Manual, section 4)
Alternatively, set securerandom.source to file:/dev/./urandom as described in http://monaco.sfbay/detail.jsf?cr=6202721