Forked from svrc-personal/gist:5a8accc57219b9548fe1
Created
December 14, 2019 15:05
-
-
Save haint/05c227b8519b206de27a6db79255436c to your computer and use it in GitHub Desktop.
Revisions
-
svrc-personal revised this gist
Oct 29, 2014 . 1 changed file with 2 additions and 3 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -19,10 +19,9 @@ NOTES from strace tests, looking at what file handles are read from (Apoligies these aren't super clear or necessarily complete -- as I ran these out of order and collated them) Test #1 - SecureRandom.getBytes() import java.security.*; public class SecureRandomTest { public static void main(String[] args) { SecureRandom sr = new SecureRandom(); @@ -32,6 +31,7 @@ public class SecureRandomTest { } Test #2 - SecureRandom.generateSeed(20) import java.security.*; public class SecureRandomTest2 { public static void main(String[] args) { @@ -41,7 +41,6 @@ public class SecureRandomTest2 { } root@ip-10-213-153-146:~# lsb_release -d Description: Ubuntu 14.04.1 LTS -
Oct 29, 2014 . 1 changed file with 25 additions and 25 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -127,6 +127,30 @@ root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(9" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(10" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest2 root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out 13385 05:24:41 access("/dev/random", R_OK) = 0 13385 05:24:41 access("/dev/random", R_OK) = 0 13385 05:24:41 access("/dev/urandom", R_OK) = 0 13385 05:24:41 open("/dev/random", O_RDONLY) = 5 13385 05:24:41 open("/dev/urandom", O_RDONLY) = 6 13385 05:24:41 access("/dev/random", R_OK) = 0 13385 05:24:41 access("/dev/random", R_OK) = 0 13385 05:24:41 open("/dev/random", O_RDONLY) = 7 13385 05:24:41 open("/dev/random", O_RDONLY) = 8 13385 05:24:41 access("/dev/urandom", R_OK) = 0 13385 05:24:41 access("/dev/urandom", R_OK) = 0 13385 05:24:41 open("/dev/urandom", O_RDONLY) = 9 13385 05:24:41 open("/dev/urandom", O_RDONLY) = 10 root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(5" srt.out 13385 05:24:41 read(5, "\3f\221\21Z<\272\23\245q\243:H\363$!", 20) = 16 13385 05:24:41 read(5, "\241\351\22\6", 4) = 4 root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(6" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(7" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(8" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(9" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(10" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# sed -i "s|source=file:/dev/random|source=file:/dev/urandom|" jre/lib/security/java.security root@ip-10-213-153-146:~/jdk1.8.0_25# java -Djava.security.debug=provider SecureRandomTest | more provider: NativePRNG egdUrl: file:/dev/urandom @@ -194,31 +218,7 @@ root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(8" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(9" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(10" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest2 root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out 13408 05:26:40 access("/dev/urandom", R_OK) = 0 -
Oct 29, 2014 . 1 changed file with 11 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -366,6 +366,17 @@ root@ip-10-213-153-146:~# grep "read(13" srt.out 12132 03:59:58 read(13, "\305\360\267\344\340\224n\357\374\332\326\322\220\243\345\321.Ae\273 \"#\2647\217\331\253\5E\240{", 32) = 32 12132 03:59:58 read(13, "F3\263\354\240\340^\317\372\37\370\2162\334W\361\21\346\362z\324\323\37\237\2\337g\334\5\317_\346", 32) = 32 root@ip-10-213-153-146:~# strace -f -t -o srt.out java SecureRandomTest2 root@ip-10-213-153-146:~# grep random srt.out 13549 06:10:50 stat("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), ...}) = 0 13549 06:10:50 stat("/dev/urandom", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 13549 06:10:50 open("/dev/random", O_RDONLY) = 12 13549 06:10:50 open("/dev/urandom", O_RDONLY <unfinished ...> 13549 06:10:50 open("/dev/random", O_RDONLY) = 14 root@ip-10-213-153-146:~# grep "read(12" srt.out root@ip-10-213-153-146:~# grep "read(14" srt.out 13549 06:10:50 read(14, "\233'G\30\277\331w\233\326s34\f\343\213R\253", 20) = 17 13549 06:10:50 read(14, "\377\274}", 3) = 3 root@ip-10-213-153-146:~# sed -i "s|source=file:/dev/urandom|source=file:/dev/random|" /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/java.security root@ip-10-213-153-146:~# cat /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/java.security | grep source -
Oct 29, 2014 . 1 changed file with 109 additions and 7 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -10,13 +10,14 @@ A. OpenJDK 7 b65. B. Oracle JDK 8 b25. 1. Default in java.security is securerandom.source=/dev/random. 2. if securerandom.source=/dev/random, NativePRNG is used, SecureRandom.nextBytes() is non-blocking via /dev/urandom ; SecureRandom.generateSeed(x) is blocking via /dev/random 3. if securerandom.source=/dev/urandom, NativePRNG is used, SecureRandom.nextBytes() is non-blocking via /dev/urandom ; SecureRandom.generateSeed(x) is non-blocking via /dev/urandom 4. if securerandom.source=/dev/./urandom, then SHA1PRNG is used. Initial seed is non-blocking via /dev/./urandom. No other accesses NOTES from strace tests, looking at what file handles are read from (Apoligies these aren't super clear or necessarily complete -- as I ran these out of order and collated them) Test #1 - SecurityRandom.getBytes() @@ -60,8 +61,14 @@ securerandom.source=file:/dev/random root@ip-10-213-153-146:~/jdk1.8.0_25# javac SecureRandomTest.java root@ip-10-213-153-146:~/jdk1.8.0_25# java -Djava.security.debug=provider SecureRandomTest | more provider: NativePRNG egdUrl: file:/dev/random provider: NativePRNG.MIXED seedFile: /dev/random nextFile: /dev/urandom Provider: Set SUN provider property [SecureRandom.NativePRNG/sun.security.provider.NativePRNG] Provider: Set SUN provider property [SecureRandom.SHA1PRNG/sun.security.provider.SecureRandom] provider: NativePRNG.BLOCKING seedFile: /dev/random nextFile: /dev/random Provider: Set SUN provider property [SecureRandom.NativePRNGBlocking/sun.security.provider.NativePRNG$Blocking] provider: NativePRNG.NONBLOCKING seedFile: /dev/urandom nextFile: /dev/urandom ..snip.. root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest @@ -118,6 +125,8 @@ root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(7" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(8" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(9" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(10" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# sed -i "s|source=file:/dev/random|source=file:/dev/urandom|" jre/lib/security/java.security root@ip-10-213-153-146:~/jdk1.8.0_25# java -Djava.security.debug=provider SecureRandomTest | more provider: NativePRNG egdUrl: file:/dev/urandom @@ -127,7 +136,63 @@ Provider: Set SUN provider property [SecureRandom.SHA1PRNG/sun.security.provider provider: NativePRNG.BLOCKING seedFile: /dev/random nextFile: /dev/random Provider: Set SUN provider property [SecureRandom.NativePRNGBlocking/sun.security.provider.NativePRNG$Blocking] provider: NativePRNG.NONBLOCKING seedFile: /dev/urandom nextFile: /dev/urandom ..snip.. root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out 13435 05:43:50 access("/dev/urandom", R_OK) = 0 13435 05:43:50 access("/dev/urandom", R_OK) = 0 13435 05:43:50 access("/dev/urandom", R_OK) = 0 13435 05:43:50 open("/dev/urandom", O_RDONLY) = 5 13435 05:43:50 open("/dev/urandom", O_RDONLY) = 6 13435 05:43:50 access("/dev/random", R_OK) = 0 13435 05:43:50 access("/dev/random", R_OK) = 0 13435 05:43:50 open("/dev/random", O_RDONLY) = 7 13435 05:43:50 open("/dev/random", O_RDONLY) = 8 13435 05:43:50 access("/dev/urandom", R_OK) = 0 13435 05:43:50 access("/dev/urandom", R_OK) = 0 13435 05:43:50 open("/dev/urandom", O_RDONLY) = 9 13435 05:43:50 open("/dev/urandom", O_RDONLY) = 10 root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(5" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(6" srt.out 13435 05:43:50 read(6, "+\0033J\201\201{\226\302\277\356\243\314\217_\311|\257+\256", 20) = 20 13435 05:43:50 read(6, "\3\233\240\213\336i\335u\235\333p\206V\335\310v\16\376\372|4\220\247\334\v\344\\\361Z<=\260", 32) = 32 13435 05:43:50 read(6, "\2141\312L1\322\367G\272\27a\310\304{8\205\355\t8M@XQ\200\307\242y)\235H\312\272", 32) = 32 13435 05:43:50 read(6, "\345tG\206\r\36\35\313.\0\252\374\377}\2\277\353\316\312\336\246\353\307\307\366\237d\205\3\214H\341", 32) = 32 13435 05:43:50 read(6, "\230\322z<\2160\317\310\343\364\366\30+p\355s\33&\30\34\305\221QIk~\237K\273J2f", 32) = 32 13435 05:43:50 read(6, "\253\2\314\270\355h\24s\315\0059j8\31\350\33\276\244\367\316\7\333\327\257?\314\265\344(\210\32\302", 32) = 32 13435 05:43:50 read(6, "E&n\265\237\36\226\25?.\20\313\247\276\270\337\332\222\241#?\304\233\27\370\333^C\267\247c;", 32) = 32 13435 05:43:50 read(6, "s+\367\24SQ8b\274\367b\32q\315\241\36'\5\261\310A\354\317\340j'\243\310\362\361e\216", 32) = 32 13435 05:43:50 read(6, "K[\\T\264\210\30!\373\252\0\21\7\225\2631*\237\306\256x`2\240R\2266\257g+\341c", 32) = 32 13435 05:43:50 read(6, "\230\33P\242;\236\251t\303\243S\324\232!\245+\332v\270\316\303\34\216\316j\4\344\357vd\32a", 32) = 32 13435 05:43:50 read(6, "\245\274q y\311{\270\21.\3570Pv\371j\23\360\230\257\212\365\3\25w(\20;\265\34\276\367", 32) = 32 13435 05:43:50 read(6, "d\34K\220\204\251^\247Z\242c\223\2\265C\372\263\241\344\325\244\312*BBG\210\314\327\257-\266", 32) = 32 13435 05:43:50 read(6, "1\2520\202Q\320o\335v\276*\230\324O\310\252\0\214\372\273$\331\302\264)\364T\2515+\351\360", 32) = 32 13435 05:43:50 read(6, "\213L?\353\204V\277\356\0054e\313\312{?z[\307\215_\367q\254_^\243^\270\301\320\376\233", 32) = 32 13435 05:43:50 read(6, "\336\231\2347eg5\373\25\332f\322\216\350\21\354\224N\361\252\333\364{\232T\272\331g\343\245${", 32) = 32 13435 05:43:50 read(6, "T@\252\2\304\35:\326\274\0\225\25\354\327~\211\271\244\356\241\317\376\235\27LtT\374\372,\251\234", 32) = 32 13435 05:43:50 read(6, "\340\315zl\2005\342\346\374m\343\347-#V\226\2017\243\236h\321o<0*s]\310r,\347", 32) = 32 13435 05:43:50 read(6, "\27\260E\226\342W\257#3\370\224\360\311\205\2F\36\257\356>V\371V)\307\177\357\0\247\302\310\320", 32) = 32 13435 05:43:50 read(6, "0\334\277=\21~\270\256\272\312\334?]\2534clH\326J\336E\350\274\24\221\274\32\327\2706\372", 32) = 32 13435 05:43:50 read(6, "$\225\217\235<\346\332\353Y^\261\345\376\325\233j\31\r\271Vd\246\177\304\225$\344Z\204F\237\331", 32) = 32 13435 05:43:50 read(6, "\337q\224rx\257\376b\323\215\7~w'{\327\243\321t\301\246\262\375\345-\273\254s\375\337. ", 32) = 32 13435 05:43:50 read(6, "\rI\347LR\224\215\336\342\324\265\26\327\326\252N:\2705\257O\347bI\327\342G\301\r\37,n", 32) = 32 13435 05:43:50 read(6, "\361\332\251%\254\222\27_\215\nX\235\345\32\372\r?V\236k\37\\5\27`0\306\25IQ\351\7", 32) = 32 13435 05:43:50 read(6, "!\272\240\241S\215**-j\323\"$\210\335\365\f%d(\3764\276P?\355\346*\377\211\250^", 32) = 32 13435 05:43:50 read(6, "\220\37\230f\306\310\222\342\334:EJn\377L\21\242,^q~\247\215\2209\35\202\247\177\210\341\264", 32) = 32 13435 05:43:50 read(6, "\202\10\37\363*\311\350\6a:HU\257\204\36&H\330\4V.\225\3343\313\177\0\371+\266\336\234", 32) = 32 13435 05:43:50 read(6, "\275n{h\2473\212\\o\352\3\235\nD\360\7\365o\31g8\26Iv\333\305\372K\326\264\245|", 32) = 32 13435 05:43:50 read(6, "\230\261`7\372\342\202\306PP\34\300\23\210\377\351\317o\305\236\366!\25\357e\257/v\325L\235?", 32) = 32 13435 05:43:50 read(6, "\337\0\312\"\303\10T\264V(\25\336\251?\330 \263\6\3452c)$\341\220\357i\321\205\254\331\0", 32) = 32 13435 05:43:50 read(6, "\360\276h\311\353\t\347\321O?\25\263\232\307\377\305\310]Oz\373\234\233]V\367\361\33\"\223P[", 32) = 32 13435 05:43:50 read(6, "\374tv\233~\336\241\216\210YD\240T\17\207\275\334\271\250\313k\263\315\241&\30\370(\24!\4\23", 32) = 32 13435 05:43:50 read(6, "\244\310_\354\225\360E\\\244\25\247\206\37C\36\316\315d\30M\312B\334\324\1\300\211\3658\262e\214", 32) = 32 13435 05:43:50 read(6, "\0kr\330d\213x\223\3042\262\235\330\365\20\345\301\352\363\257\362\261\330B\6@\26<\201\251\311m", 32) = 32 root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(7" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(8" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(9" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(10" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest2 root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out @@ -178,7 +243,6 @@ root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(7" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(8" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# sed -i "s|source=file:/dev/urandom|source=file:/dev/\./urandom|" jre/lib/security/java.security root@ip-10-213-153-146:~/jdk1.8.0_25# grep source jre/lib/security/java.security # Sun Provider SecureRandom seed source. @@ -187,6 +251,16 @@ root@ip-10-213-153-146:~/jdk1.8.0_25# grep source jre/lib/security/java.security # "securerandom.source" Security property. securerandom.source=file:/dev/./urandom root@ip-10-213-153-146:~/jdk1.8.0_25# java -Djava.security.debug=provider SecureRandomTest provider: NativePRNG egdUrl: file:/dev/./urandom provider: NativePRNG.MIXED seedFile: /dev/./urandom nextFile: /dev/urandom Provider: Set SUN provider property [SecureRandom.SHA1PRNG/sun.security.provider.SecureRandom] Provider: Set SUN provider property [SecureRandom.NativePRNG/sun.security.provider.NativePRNG] provider: NativePRNG.BLOCKING seedFile: /dev/random nextFile: /dev/random Provider: Set SUN provider property [SecureRandom.NativePRNGBlocking/sun.security.provider.NativePRNG$Blocking] provider: NativePRNG.NONBLOCKING seedFile: /dev/urandom nextFile: /dev/urandom root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out 12985 05:10:35 access("/dev/./urandom", R_OK) = 0 @@ -205,6 +279,7 @@ root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out 12985 05:10:35 open("/dev/./urandom", O_RDONLY) = 11 root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest2 root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out 13047 05:13:58 access("/dev/./urandom", R_OK) = 0 @@ -221,6 +296,14 @@ root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out 13047 05:13:58 open("/dev/urandom", O_RDONLY) = 9 13047 05:13:58 open("/dev/urandom", O_RDONLY) = 10 13047 05:13:58 open("/dev/./urandom", O_RDONLY) = 11 root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(11" srt.out 13082 05:16:34 read(11, "\343}t\330-\10\262y\3142O\211\224\211I\350N@\216G", 20) = 20 root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(10" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(9" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(8" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(7" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(6" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(5" srt.out @@ -308,6 +391,17 @@ root@ip-10-213-153-146:~# grep "read(13" srt.out root@ip-10-213-153-146:~# grep "read(14" srt.out 12212 04:07:13 read(14, "\212\234@Z\251|mO\4\300\360C\303\311\307\214\343\357\264\354", 20) = 20 root@ip-10-213-153-146:~# strace -f -t -o srt.out java SecureRandomTest2 root@ip-10-213-153-146:~# grep random srt.out 13285 05:21:17 stat("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), ...}) = 0 13285 05:21:17 stat("/dev/urandom", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 13285 05:21:17 open("/dev/random", O_RDONLY) = 5 13285 05:21:17 open("/dev/urandom", O_RDONLY) = 6 root@ip-10-213-153-146:~# grep "read(5" srt.out 13285 05:21:17 read(5, "*|\27\302\202I\351\331\214K'@H\10\312\177", 20) = 16 13285 05:21:17 read(5, "C\331\262\205", 4) = 4 root@ip-10-213-153-146:~# grep "read(6" srt.out root@ip-10-213-153-146:~# sed -i "s|source=file:/dev/random|source=file:/dev/\./urandom|" /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/java.security root@ip-10-213-153-146:~# strace -f -t -o srt.out java SecureRandomTest @@ -319,3 +413,11 @@ root@ip-10-213-153-146:~# grep random srt.out 12939 05:06:13 open("/dev/urandom", O_RDONLY) = 13 12939 05:06:13 open("/dev/./urandom", O_RDONLY) = 14 root@ip-10-213-153-146:~# strace -f -t -o srt.out java SecureRandomTest2 root@ip-10-213-153-146:~# grep random srt.out 13129 05:17:39 stat("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), ...}) = 0 13129 05:17:39 stat("/dev/urandom", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 13129 05:17:39 open("/dev/random", O_RDONLY) = 12 13129 05:17:39 open("/dev/urandom", O_RDONLY) = 13 13129 05:17:39 open("/dev/./urandom", O_RDONLY) = 14 -
Oct 29, 2014 . 1 changed file with 166 additions and 22 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,3 +1,49 @@ Summary of Behaviour: A. OpenJDK 7 b65. 1. Default in java.security is securerandom.source=/dev/urandom 2. If securerandom.source=/dev/urandom, NativePRNG is used, SecureRandom.nextBytes() is non-blocking via /dev/urandom ; SecureRandom.generateSeed(x) is blocking via /dev/random 3. if securerandom.source=/dev/random, then SHA1PRNG is used. Initial seed is blocking via /dev/random. No other accesses. 4. If securerandom.source=/dev/./urandom then SHA1PRNG is used. Initial seed is non-blocking via /dev/./urandom. No other accesses. B. Oracle JDK 8 b25. 1. Default in java.security is securerandom.source=/dev/random. 2. if securerandom.source=/dev/random, NativePRNG MIXED is used, SecureRandom.nextBytes() is non-blocking via /dev/urandom ; SecureRandom.generateSeed(x) is blocking via /dev/random 3. if securerandom.source=/dev/urandom, NativePRNG MIXED is used, SecureRandom.nextBytes() is non-blocking via /dev/urandom ; SecureRandom.generateSeed(x) is non-blocking via /dev/urandom 4. if securerandom.source=/dev/./urandom, then SHA1PRNG is used. Initial seed is non-blocking via /dev/./urandom. No other accesses. NOTES from tests (sorry these aren't complete -- as I ran these out of order and lost some of the output but retained the results in my notes) Test #1 - SecurityRandom.getBytes() import java.security.*; public class SecureRandomTest { public static void main(String[] args) { SecureRandom sr = new SecureRandom(); byte[] b = new byte[1024]; sr.nextBytes(b); } } Test #2 - SecureRandom.generateSeed(20) import java.security.*; public class SecureRandomTest2 { public static void main(String[] args) { SecureRandom sr = new SecureRandom(); sr.generateSeed(20); } } root@ip-10-213-153-146:~# lsb_release -d Description: Ubuntu 14.04.1 LTS root@ip-10-213-153-146:~/jdk1.8.0_25# java -version java version "1.8.0_25" Java(TM) SE Runtime Environment (build 1.8.0_25-b17) @@ -10,21 +56,14 @@ root@ip-10-213-153-146:~/jdk1.8.0_25# cat jre/lib/security/java.security | grep # "securerandom.source" Security property. securerandom.source=file:/dev/random root@ip-10-213-153-146:~/jdk1.8.0_25# javac SecureRandomTest.java root@ip-10-213-153-146:~/jdk1.8.0_25# java -Djava.security.debug=provider SecureRandomTest | more TODO root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out 3347 03:28:23 access("/dev/random", R_OK) = 0 @@ -79,11 +118,114 @@ root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(7" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(8" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(9" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(10" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# sed -i "s|source=file:/dev/random|source=file:/dev/urandom|" jre/lib/security/java.security root@ip-10-213-153-146:~/jdk1.8.0_25# java -Djava.security.debug=provider SecureRandomTest | more provider: NativePRNG egdUrl: file:/dev/urandom provider: NativePRNG.MIXED seedFile: /dev/urandom nextFile: /dev/urandom Provider: Set SUN provider property [SecureRandom.NativePRNG/sun.security.provider.NativePRNG] Provider: Set SUN provider property [SecureRandom.SHA1PRNG/sun.security.provider.SecureRandom] provider: NativePRNG.BLOCKING seedFile: /dev/random nextFile: /dev/random Provider: Set SUN provider property [SecureRandom.NativePRNGBlocking/sun.security.provider.NativePRNG$Blocking] provider: NativePRNG.NONBLOCKING seedFile: /dev/urandom nextFile: /dev/urandom root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest2 root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out 13385 05:24:41 access("/dev/random", R_OK) = 0 13385 05:24:41 access("/dev/random", R_OK) = 0 13385 05:24:41 access("/dev/urandom", R_OK) = 0 13385 05:24:41 open("/dev/random", O_RDONLY) = 5 13385 05:24:41 open("/dev/urandom", O_RDONLY) = 6 13385 05:24:41 access("/dev/random", R_OK) = 0 13385 05:24:41 access("/dev/random", R_OK) = 0 13385 05:24:41 open("/dev/random", O_RDONLY) = 7 13385 05:24:41 open("/dev/random", O_RDONLY) = 8 13385 05:24:41 access("/dev/urandom", R_OK) = 0 13385 05:24:41 access("/dev/urandom", R_OK) = 0 13385 05:24:41 open("/dev/urandom", O_RDONLY) = 9 13385 05:24:41 open("/dev/urandom", O_RDONLY) = 10 root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(5" srt.out 13385 05:24:41 read(5, "\3f\221\21Z<\272\23\245q\243:H\363$!", 20) = 16 13385 05:24:41 read(5, "\241\351\22\6", 4) = 4 root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(6" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(7" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(8" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(9" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(10" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# vi jre/lib/security/java.security root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(9" srt.out^C root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest2 root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out 13408 05:26:40 access("/dev/urandom", R_OK) = 0 13408 05:26:40 access("/dev/urandom", R_OK) = 0 13408 05:26:40 access("/dev/urandom", R_OK) = 0 13408 05:26:40 open("/dev/urandom", O_RDONLY) = 5 13408 05:26:40 open("/dev/urandom", O_RDONLY) = 6 13408 05:26:40 access("/dev/random", R_OK) = 0 13408 05:26:40 access("/dev/random", R_OK) = 0 13408 05:26:40 open("/dev/random", O_RDONLY) = 7 13408 05:26:40 open("/dev/random", O_RDONLY) = 8 13408 05:26:40 access("/dev/urandom", R_OK) = 0 13408 05:26:40 access("/dev/urandom", R_OK) = 0 13408 05:26:40 open("/dev/urandom", O_RDONLY) = 9 13408 05:26:40 open("/dev/urandom", O_RDONLY) = 10 root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(5" srt.out 13408 05:26:40 read(5, "\333\210c\265<eu\10\223\242\231d=vG\325\17\260f\310", 20) = 20 root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(6" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(10" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(9" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(7" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(8" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# sed -i "s|source=file:/dev/urandom|source=file:/dev/\./urandom|" jre/lib/security/java.security root@ip-10-213-153-146:~/jdk1.8.0_25# grep source jre/lib/security/java.security # Sun Provider SecureRandom seed source. # Select the primary source of seed data for the "SHA1PRNG" and # specified by the "securerandom.source" Security property. If an # "securerandom.source" Security property. securerandom.source=file:/dev/./urandom root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out 12985 05:10:35 access("/dev/./urandom", R_OK) = 0 12985 05:10:35 access("/dev/./urandom", R_OK) = 0 12985 05:10:35 access("/dev/urandom", R_OK) = 0 12985 05:10:35 open("/dev/./urandom", O_RDONLY) = 5 12985 05:10:35 open("/dev/urandom", O_RDONLY) = 6 12985 05:10:35 access("/dev/random", R_OK) = 0 12985 05:10:35 access("/dev/random", R_OK) = 0 12985 05:10:35 open("/dev/random", O_RDONLY) = 7 12985 05:10:35 open("/dev/random", O_RDONLY) = 8 12985 05:10:35 access("/dev/urandom", R_OK) = 0 12985 05:10:35 access("/dev/urandom", R_OK) = 0 12985 05:10:35 open("/dev/urandom", O_RDONLY) = 9 12985 05:10:35 open("/dev/urandom", O_RDONLY) = 10 12985 05:10:35 open("/dev/./urandom", O_RDONLY) = 11 root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest2 root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out 13047 05:13:58 access("/dev/./urandom", R_OK) = 0 13047 05:13:58 access("/dev/./urandom", R_OK) = 0 13047 05:13:58 access("/dev/urandom", R_OK) = 0 13047 05:13:58 open("/dev/./urandom", O_RDONLY) = 5 13047 05:13:58 open("/dev/urandom", O_RDONLY) = 6 13047 05:13:58 access("/dev/random", R_OK) = 0 13047 05:13:58 access("/dev/random", R_OK) = 0 13047 05:13:58 open("/dev/random", O_RDONLY) = 7 13047 05:13:58 open("/dev/random", O_RDONLY) = 8 13047 05:13:58 access("/dev/urandom", R_OK) = 0 13047 05:13:58 access("/dev/urandom", R_OK) = 0 13047 05:13:58 open("/dev/urandom", O_RDONLY) = 9 13047 05:13:58 open("/dev/urandom", O_RDONLY) = 10 13047 05:13:58 open("/dev/./urandom", O_RDONLY) = 11 **** Okay, now some Open JDK 7 behaviour **** root@ip-10-213-153-146:~# java -version java version "1.7.0_65" OpenJDK Runtime Environment (IcedTea 2.5.3) (7u71-2.5.3-0ubuntu0.14.04.1) @@ -94,14 +236,10 @@ root@ip-10-213-153-146:~# grep source /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/ securerandom.source=file:/dev/urandom # Specifying this system property will override the securerandom.source root@ip-10-213-153-146:~# java -Djava.security.debug=provider SecureRandomTest | more Provider: Set SUN provider property [SecureRandom.NativePRNG/sun.security.provider.NativePRNG] Provider: Set SUN provider property [SecureRandom.SHA1PRNG/sun.security.provider.SecureRandom] root@ip-10-213-153-146:~# javac SecureRandomTest.java root@ip-10-213-153-146:~# strace -f -t -o srt.out java SecureRandomTest root@ip-10-213-153-146:~# grep random srt.out @@ -145,7 +283,6 @@ root@ip-10-213-153-146:~# grep "read(13" srt.out 12132 03:59:58 read(13, "\305\360\267\344\340\224n\357\374\332\326\322\220\243\345\321.Ae\273 \"#\2647\217\331\253\5E\240{", 32) = 32 12132 03:59:58 read(13, "F3\263\354\240\340^\317\372\37\370\2162\334W\361\21\346\362z\324\323\37\237\2\337g\334\5\317_\346", 32) = 32 root@ip-10-213-153-146:~# sed -i "s|source=file:/dev/urandom|source=file:/dev/random|" /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/java.security root@ip-10-213-153-146:~# cat /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/java.security | grep source @@ -158,8 +295,6 @@ root@ip-10-213-153-146:~# java -Djava.security.debug=provider SecureRandomTest Provider: Set SUN provider property [SecureRandom.SHA1PRNG/sun.security.provider.SecureRandom] Provider: Set SUN provider property [SecureRandom.NativePRNG/sun.security.provider.NativePRNG] root@ip-10-213-153-146:~# strace -f -t -o srt.out java SecureRandomTest root@ip-10-213-153-146:~# grep random srt.out 12212 04:07:13 stat("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), ...}) = 0 @@ -173,5 +308,14 @@ root@ip-10-213-153-146:~# grep "read(13" srt.out root@ip-10-213-153-146:~# grep "read(14" srt.out 12212 04:07:13 read(14, "\212\234@Z\251|mO\4\300\360C\303\311\307\214\343\357\264\354", 20) = 20 root@ip-10-213-153-146:~# sed -i "s|source=file:/dev/random|source=file:/dev/\./urandom|" /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/java.security root@ip-10-213-153-146:~# strace -f -t -o srt.out java SecureRandomTest root@ip-10-213-153-146:~# grep random srt.out 12939 05:06:13 stat("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), ...}) = 0 12939 05:06:13 stat("/dev/urandom", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 12939 05:06:13 open("/dev/random", O_RDONLY) = 12 12939 05:06:13 open("/dev/urandom", O_RDONLY) = 13 12939 05:06:13 open("/dev/./urandom", O_RDONLY) = 14 -
Oct 29, 2014 . 1 changed file with 101 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,3 +1,8 @@ root@ip-10-213-153-146:~/jdk1.8.0_25# java -version java version "1.8.0_25" Java(TM) SE Runtime Environment (build 1.8.0_25-b17) Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode) root@ip-10-213-153-146:~/jdk1.8.0_25# cat jre/lib/security/java.security | grep source # Sun Provider SecureRandom seed source. # Select the primary source of seed data for the "SHA1PRNG" and @@ -74,3 +79,99 @@ root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(7" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(8" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(9" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(10" srt.out **** Okay, now some JAVA 7 (OpenJDK) behaviour **** root@ip-10-213-153-146:~# java -version java version "1.7.0_65" OpenJDK Runtime Environment (IcedTea 2.5.3) (7u71-2.5.3-0ubuntu0.14.04.1) OpenJDK 64-Bit Server VM (build 24.65-b04, mixed mode) root@ip-10-213-153-146:~# grep source /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/java.security # Select the source of seed data for SecureRandom. By default an # the securerandom.source property. If an exception occurs when securerandom.source=file:/dev/urandom # Specifying this system property will override the securerandom.source ^^^^ Ubuntu Trusty OpenJDK 7 seems to have /dev/urandom as default ? ^^^^ root@ip-10-213-153-146:~# java -Djava.security.debug=provider SecureRandomTest | more Provider: Set SUN provider property [SecureRandom.NativePRNG/sun.security.provider.NativePRNG] Provider: Set SUN provider property [SecureRandom.SHA1PRNG/sun.security.provider.SecureRandom] ^^^ Native PRNG is default ^^^ root@ip-10-213-153-146:~# javac SecureRandomTest.java root@ip-10-213-153-146:~# strace -f -t -o srt.out java SecureRandomTest root@ip-10-213-153-146:~# grep random srt.out 12132 03:59:58 stat("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), ...}) = 0 12132 03:59:58 stat("/dev/urandom", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 12132 03:59:58 open("/dev/random", O_RDONLY) = 12 12132 03:59:58 open("/dev/urandom", O_RDONLY) = 13 root@ip-10-213-153-146:~# grep "read(12" srt.out root@ip-10-213-153-146:~# grep "read(13" srt.out 12132 03:59:58 read(13, "o\246\205\332\236\222i\333ox\300\10\263\27M\332\264\327\375\312", 20) = 20 12132 03:59:58 read(13, "\243U&\24%\234\6\4\241\350v\331(q\276ZC\21dJ\26f9\177\343\2466\2\314F\235g", 32) = 32 12132 03:59:58 read(13, "\30\323\367\275#{i<\277&A\374j]^\332\274j{j\375\261\372\265\22\254\307\"\220\37?\1", 32) = 32 12132 03:59:58 read(13, "J\244\232YH\205ph\237T\321\251V?\264\v\361\273\2\273\345&\354k4!\32=_\2)\301", 32) = 32 12132 03:59:58 read(13, "D,{\223_I\255\240\351\3554Gjl\201H\3747\313IDn>\362G\231\263\273b\361\213A", 32) = 32 12132 03:59:58 read(13, "Y!G\312N\341N\363\273\242`\365u\366\4\301`X\266L\261]W\307\355]\232\355M\206\344F", 32) = 32 12132 03:59:58 read(13, "O\6.\5\r\231\20T\242\3655\351\24\262\355\305\202(\263\376)\237%`\21Ss\222\202\304^>", 32) = 32 12132 03:59:58 read(13, "X\305\3636I>v\35\257M\344`\371(\6\313\327\261\202^\2\247\244\260\261\377\305\2\310f\243u", 32) = 32 12132 03:59:58 read(13, "\353\r\311\225i\245\274\20f1]\276KYE\270U\242\360\212Z\222i]}\333\210\t\213\273PS", 32) = 32 12132 03:59:58 read(13, "pL\323\241\202\213G\332\n`\7\316\223K\305\336g\356\237G\357\242\257DAHN5D\350H_", 32) = 32 12132 03:59:58 read(13, "\274\361\203-_\260O\333 \352]\2\237\337W\32\202<D\211r%#oh\22]\211\363\25\255v", 32) = 32 12132 03:59:58 read(13, "\202{E\31\357\236\347\354i\266\333\353\"M\310=\224\216\224\246\fS\17RX\6\260m4\337D\267", 32) = 32 12132 03:59:58 read(13, "\322~@7\301\201\342z0\rq\27\22\340g\0=}\203/\321p\252A\264\321\334\21\270E3U", 32) = 32 12132 03:59:58 read(13, "uA=\355\7\210\362\204r\v\2\376=w\335}\36O\232\4a\301\24\16igfZ\233\300\350\177", 32) = 32 12132 03:59:58 read(13, "\0104\261\212\224\237&\240\322\3538\267\373J\336w\2558#\325\364\fF2g\241\341\275\230t\v\311", 32) = 32 12132 03:59:58 read(13, "\300\232\344\307\210\300\1\257@[\260\310\232RF\225\235\320\221\356Gwn\240w[R\300\325\222\n\273", 32) = 32 12132 03:59:58 read(13, "\3529\375_(Tqg\361\345\316\21\341\vy\217\341\205T\257\204\v!\244n\336\263A\202\301\f\225", 32) = 32 12132 03:59:58 read(13, "\3426\2512\271\0\\\211B\325\373|\223t\375\370%\362\32\334S\33\230\263ym\332_\2\237\245(", 32) = 32 12132 03:59:58 read(13, "\31\351\307\234\325\233w3g\271\220\f\35\227u8\325\27\305\341k\204\205\216\330\22)\2513\361a\25", 32) = 32 12132 03:59:58 read(13, "\354\260\335\350NR\206\203X\322\257\1\313\235\320\342\221R\212z\17\270[\351\313\344\211\272\325\233+`", 32) = 32 12132 03:59:58 read(13, ":\233\254\226\355\346<\0319+\214\335xN\16y\36\17\204}\3522\264\273\30c\310\325W.\363R", 32) = 32 12132 03:59:58 read(13, "d3k\261f([\355.}i\342w\317\274a\210r\21\310$?4\344\353\325U\31\366\336\367\345", 32) = 32 12132 03:59:58 read(13, "\374\"\316#,\243\203\220W\366\226\227\255g\342fc\366h@\215\273\260-\4\243\35\246\33\220\372p", 32) = 32 12132 03:59:58 read(13, "\356\213\267 0R\215s\2005\375\10\345\177A\336\322\337\353\352\315\332\355\\\27\252\4\234#\252\366i", 32) = 32 12132 03:59:58 read(13, "H\371t\341\240\3044\312\356\311\376g\206@\0\374\346\rF\207\334\22\2-mA\375\3563>9\337", 32) = 32 12132 03:59:58 read(13, "\212\33\256\335\327*\215oiE\331\341`\230\35\365\256\361J:\3564\3749\266\210\243t\34\17F4", 32) = 32 12132 03:59:58 read(13, "\23\275\32\36E)kb\214-i\20n\\\225p\366\356\370\373\300\247\211\325\254\236\334\355\246\272\17L", 32) = 32 12132 03:59:58 read(13, "\364}}\6\255*\314\355m\333\6X\234\3063\31_\270\f#\201D\313]\3757~\6\325\253\226\23", 32) = 32 12132 03:59:58 read(13, "\276o\10\253\333\354\312\211 \6\240\322(\234W\354\254c^\365L\375(]\3555@\201\324F\24\n", 32) = 32 12132 03:59:58 read(13, "\314\2273\321\246\372\337\3117\16Twl\200\241\236\275Y\233l\211\312sc\274h\37l\327\253\304\360", 32) = 32 12132 03:59:58 read(13, "\223\276u?\260\305\3\306\3536B\377\344-\237\35kf\305\334\4}\241\6\267?\353\224\232zEh", 32) = 32 12132 03:59:58 read(13, "\305\360\267\344\340\224n\357\374\332\326\322\220\243\345\321.Ae\273 \"#\2647\217\331\253\5E\240{", 32) = 32 12132 03:59:58 read(13, "F3\263\354\240\340^\317\372\37\370\2162\334W\361\21\346\362z\324\323\37\237\2\337g\334\5\317_\346", 32) = 32 **** Now let's try it with /dev/random **** root@ip-10-213-153-146:~# sed -i "s|source=file:/dev/urandom|source=file:/dev/random|" /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/java.security root@ip-10-213-153-146:~# cat /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/java.security | grep source # Select the source of seed data for SecureRandom. By default an # the securerandom.source property. If an exception occurs when securerandom.source=file:/dev/random # Specifying this system property will override the securerandom.source root@ip-10-213-153-146:~# java -Djava.security.debug=provider SecureRandomTest Provider: Set SUN provider property [SecureRandom.SHA1PRNG/sun.security.provider.SecureRandom] Provider: Set SUN provider property [SecureRandom.NativePRNG/sun.security.provider.NativePRNG] ^^ SHA1PRNG is now default ^^ root@ip-10-213-153-146:~# strace -f -t -o srt.out java SecureRandomTest root@ip-10-213-153-146:~# grep random srt.out 12212 04:07:13 stat("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), ...}) = 0 12212 04:07:13 stat("/dev/urandom", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 12212 04:07:13 open("/dev/random", O_RDONLY) = 12 12212 04:07:13 open("/dev/urandom", O_RDONLY) = 13 12212 04:07:13 open("/dev/random", O_RDONLY) = 14 root@ip-10-213-153-146:~# grep "read(12" srt.out 12217 04:07:13 read(12, <unfinished ...> root@ip-10-213-153-146:~# grep "read(13" srt.out root@ip-10-213-153-146:~# grep "read(14" srt.out 12212 04:07:13 read(14, "\212\234@Z\251|mO\4\300\360C\303\311\307\214\343\357\264\354", 20) = 20 ^^ yup, only getting seed information from /dev/random ^^ -
Oct 29, 2014 . No changes.There are no files selected for viewing
-
Oct 29, 2014 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,76 @@ root@ip-10-213-153-146:~/jdk1.8.0_25# cat jre/lib/security/java.security | grep source # Sun Provider SecureRandom seed source. # Select the primary source of seed data for the "SHA1PRNG" and # specified by the "securerandom.source" Security property. If an # "securerandom.source" Security property. securerandom.source=file:/dev/random root@ip-10-213-153-146:~/jdk1.8.0_25# cat SecureRandomTest.java import java.security.*; public class SecureRandomTest { public static void main(String[] args) { try { SecureRandom sr = new SecureRandom(); byte[] b = new byte[1024]; sr.nextBytes(b); } catch (Throwable t) { t.printStackTrace(); } } } root@ip-10-213-153-146:~/jdk1.8.0_25# javac SecureRandomTest.java root@ip-10-213-153-146:~/jdk1.8.0_25# strace -f -t -o srt.out java SecureRandomTest root@ip-10-213-153-146:~/jdk1.8.0_25# grep random srt.out 3347 03:28:23 access("/dev/random", R_OK) = 0 3347 03:28:23 access("/dev/random", R_OK) = 0 3347 03:28:23 access("/dev/urandom", R_OK) = 0 3347 03:28:23 open("/dev/random", O_RDONLY) = 5 3347 03:28:23 open("/dev/urandom", O_RDONLY) = 6 3347 03:28:23 access("/dev/random", R_OK) = 0 3347 03:28:23 access("/dev/random", R_OK) = 0 3347 03:28:23 open("/dev/random", O_RDONLY) = 7 3347 03:28:23 open("/dev/random", O_RDONLY) = 8 3347 03:28:23 access("/dev/urandom", R_OK) = 0 3347 03:28:23 access("/dev/urandom", R_OK) = 0 3347 03:28:23 open("/dev/urandom", O_RDONLY) = 9 3347 03:28:23 open("/dev/urandom", O_RDONLY) = 10 root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(5" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(6" srt.out 3347 03:28:23 read(6, "\253F\22{Qh;\262\356\3454\227\2716\316u\305\n\16x", 20) = 20 3347 03:28:23 read(6, "W\7\323ae&\351w\254\327ER\276O\376\7;y6\6\375\3224\314\205\221\253V\34}s\332", 32) = 32 3347 03:28:23 read(6, "\354\220i\251\246b;\370\331\230\251>\346x\305/;\v\21\357\373\250\216\16\340\20\203sDY\345\233", 32) = 32 3347 03:28:23 read(6, "\342\23c\177B\200\5VpK\324\21\220?\230[\220\37\363\254\253\257\f\327\"\275\211p)\325\337@", 32) = 32 3347 03:28:23 read(6, "\364ME\262b\264\342U\200R\261\252\f\t\274u{a\343\313\356\223?\5\315/\200\204p;\23*", 32) = 32 3347 03:28:23 read(6, "Mm&\236\247\341=\221!\36\26\270{\262\345lW\355\215\352Fe\244\204H\354(Q\235\2\373\250", 32) = 32 3347 03:28:23 read(6, "\253i\272\250\216\324\"\374elj\263\33)'\376\177\326\345\341@\2010\365\0052\317!\327\243&\v", 32) = 32 3347 03:28:23 read(6, "\215\20o\372\204\360\303\262bo\256\200\210:\210\240U\376d\236\\\244|^\220}Q8X\211\"\6", 32) = 32 3347 03:28:23 read(6, "\366\256\31\2\230V4\335\364\2231\332;\4\t\373\265Uq7\3313\227:\233|5h\334\344\232\212", 32) = 32 3347 03:28:23 read(6, "\3N\0\2019l{\353)#>r\322M\215\1772\225HKd!\207\327U\365\35x\341\342\305\267", 32) = 32 3347 03:28:23 read(6, "\236\327\232\363\20\335\227\255K\307\345=\237w\343@\302\221.\347\24\235\270\362@\343t\374\217%\272X", 32) = 32 3347 03:28:23 read(6, "P\270\244I|G\1\250\232\361f\261P\204v}00\235\351\215\3308o\345\337}\207|\307\323o", 32) = 32 3347 03:28:23 read(6, "\324\371\t\2G\267 \315% \221\274\275\253\372\333\6\230\237\320\305[\254\3675v\277\344\252\16\362\264", 32) = 32 3347 03:28:23 read(6, "\303\202(f\225\220\273\314\326\200x\307#XN\362U\245w\3542\23\256,\253g&\205\263@\340C", 32) = 32 3347 03:28:23 read(6, "p\31\3\344\362\254\26\34\330mf\244\r\264\252\335\0019\345\16\211\207\361~2\6\257\211\33+\30\265", 32) = 32 3347 03:28:23 read(6, "+0\234\334\207\302\343p@\223\352Wyw5\320\264n\302\302N\4B\244\r\1\0-\33\235<\301", 32) = 32 3347 03:28:23 read(6, "~\317\v\330\2376\24\37\255\365RA\3122\221\207\313\377\0071\257+\5\225Yf\240\221-$\363f", 32) = 32 3347 03:28:23 read(6, "\3475\1\305:\233\355[\26\205{\312\354)txS\313\301\301\203\367\304\265\\\204d\354;Q\236\7", 32) = 32 3347 03:28:23 read(6, "\3433\36\244T\tB\263J\304#\370\303\20\275pKM\272\234/\3\226%m\204Q\322\345\215\233\270", 32) = 32 3347 03:28:23 read(6, "F\361\230e\206\226\254\337'\351S\250\252\357\317\5\35!\356R\27{\274H\357\302\311 \17F\275\350", 32) = 32 3347 03:28:23 read(6, "\203tZp\275\r^\204nIE`\336S\26\20\366r\333Oy\276ib\237,\254\347nf\274r", 32) = 32 3347 03:28:23 read(6, "\226\223]\363]'\23\222\343_r\200\"[\366\235\v~\347\311\346\rqf{`\245\220\322\200\322\244", 32) = 32 3347 03:28:23 read(6, "\257\325]L0\305zA\224\201\233W\320\371\271\305I\17\344\202\v\24y\202\231s\313\266\240\246\376.", 32) = 32 3347 03:28:23 read(6, "\222\343\2\226\23\270\347\210\204\5\355\300\255\356\3\21\22PX\273'\273\300\375SO*W\256\237Q\344", 32) = 32 3347 03:28:23 read(6, "\23|\2332a\237\233\362f\"\217O\253\245\331\322\242\231\267`\263{\0\2214{\277\353U\r\6\237", 32) = 32 3347 03:28:23 read(6, "fy\215Z\325i\320\22\326\347\17:\315\246\f\367\260Yj\212\233c\37\245\304\323\336LuW\216\266", 32) = 32 3347 03:28:23 read(6, "\205\261\251\372\r\257\37\217\322?\310.\30a\7\34a\360dVG\236s\334\237d11\374W\363\356", 32) = 32 3347 03:28:23 read(6, "`<f\313l\273jy\371\340]xj9S\226w^N\351\315\264,\263\6\330\324u\352\336\2\324", 32) = 32 3347 03:28:23 read(6, "\311\257\274\302\26\346\17%\263\345=\323\310\355\334\363V\204\273\222O\225j\324ZK\f\366\275t\233m", 32) = 32 3347 03:28:23 read(6, "+\3244t\371\330n\237\6\341\5\221\317\227\344\366\f\231\33\261|J#\273z\232\n\361i\275\322\266", 32) = 32 3347 03:28:23 read(6, "\25h5\300d\342\302\200\256\320\266w\301!\1_\377\7\251\247}\335[_e\224\267\275V\342R\217", 32) = 32 3347 03:28:23 read(6, "\4\237\256\226\260\25501\255\374,\f\367\325\32\315\345\241\301>\363N\315\267\273\247q\314\251\4E\321", 32) = 32 3347 03:28:23 read(6, "\v\6 +\3465\33>YZ\0\346i\275\354\330\10\232sd\23\374\7\304\331\247\"y\356\373\305\250", 32) = 32 root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(7" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(8" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(9" srt.out root@ip-10-213-153-146:~/jdk1.8.0_25# grep "read(10" srt.out