Hi Gilles, Sorry, forgot to mention I was talking about the code in the tag for the release.
The random is created here https://github.com/apache/commons-codec/blob/1884dc028bce8094e8ddd7a9fc192a107a64527a/src/main/java/org/apache/commons/codec/digest/B64.java#L77 And used here https://github.com/apache/commons-codec/blob/commons-codec-1.12-RC2/src/main/java/org/apache/commons/codec/digest/Sha2Crypt.java#L113 This last one is called from one of the unit tests within that Sha512Test class that was mentioned in the previous e-mails. I simplified the code while debugging in Eclipse, but probably omitted too much of it. Sorry. CheersBruno On Friday, 8 February 2019, 9:58:47 pm NZDT, Gilles Sadowski <gillese...@gmail.com> wrote: Hello Bruno. Le ven. 8 févr. 2019 à 02:54, Bruno P. Kinoshita <ki...@apache.org> a écrit : > > Hi, > > Had a bit of spare time to investigate this one (almost end of Friday for me > anyway, hooray!). > > There are two unit tests in Sha512 hanging for me in Eclipse, > testSha512CryptExplicitCall and testSha512CryptNullData. The code that the > test uses and hangs in my JVM can be simplified to: > > ``` > String salt = B64.getRandomSalt(8); > System.out.println(salt); // never seen > ``` > > Looking at B64, we have this: `SecureRandom.getInstanceStrong()`, which is > the random object. Used to randomly pick a letter of the B64 alphabet. Where is that code? https://gitbox.apache.org/repos/asf?p=commons-codec.git;a=blob;f=src/main/java/org/apache/commons/codec/digest/B64.java;h=abd83fc34cd3b0df61fb6c0b33772d9cb5f559a7;hb=refs/heads/1_12 Gilles > > It appears this one may take a long time in some systems due to low entropy. > i.e. it tries to gather more random data to give you a really strong > random... only that it appears to take a long long time for my JVM. > > Cheers > Bruno > > https://tersesystems.com/blog/2015/12/17/the-right-way-to-use-securerandom/ > > > > > > On Friday, 8 February 2019, 2:31:35 pm NZDT, Rob Tompkins > <chtom...@gmail.com> wrote: > > > > > > > > > On Feb 7, 2019, at 8:17 PM, sebb <seb...@gmail.com> wrote: > > > > It builds fine on ubuntu trusty with Java 8 > > Agree > > > > > https://builds.apache.org/view/A-D/view/Commons/job/Commons-Codec-Adhoc/ > > > > Maybe sprinkle the Sha2Crypt.sha2Crypt method with debug prints to see > > where the code is hanging? > > > > Or can you run the test in an IDE that allows you to interrupt it if it > > hangs? > > > > [...] --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
