[ 
https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15945467#comment-15945467
 ] 

Ishan Chattopadhyaya commented on SOLR-10338:
---------------------------------------------

{code}
A read from the /dev/urandom device will not block waiting for more entropy.
If there is not sufficient entropy, a pseudorandom number generator is
used to create the requested bytes. As a result, in this case the returned
values are theoretically vulnerable to a cryptographic attack on the
algorithms used by the driver.
{code}
Here's an excerpt from the {{man random}} page in GNU/Linux. Given this, I'd be
reluctant to make /dev/urandom the default.

> Configure SecureRandom non blocking
> -----------------------------------
>
>                 Key: SOLR-10338
>                 URL: https://issues.apache.org/jira/browse/SOLR-10338
>             Project: Solr
>          Issue Type: Sub-task
>            Reporter: Mihaly Toth
>            Assignee: Mark Miller
>             Fix For: 4.9, 6.0
>
>         Attachments: SOLR-10338.patch, SOLR-10338.patch
>
>
> It would be best if SecureRandom could be made non-blocking. In that case we
> could get rid of the random entropy exhaustion issue related to all usages of
> SecureRandom.


