Introduction
When something is about to be encrypted, a random number is needed. To create something random, the operating system needs to find something that can be used as a basis for that random number, often called entropy. There are different sources, for example, the timing of keyboard events. When running in headless mode, without user interaction, there are not as many sources of entropy. If there isn't enough entropy on a Linux server, things might run slower.
For Linux there are two sources of entropy:
- /dev/random
- /dev/urandom
The first should give better randomness but is blocking. If there isn't enough randomness then operations will simply wait. For a nonheadless system, more randomness can be "harvested" based on mouse movement and key presses.
It is possible to check how much entropy is available. Run:
cat /proc/sys/kernel/random/entropy_avail
Hopefully, this will show a value above 100-200, all the time. If you want to test this, try to run
cat /dev/random
You will probably see that it will stop generating output and then some more characters will be generated from time to time. The pauses are caused by a lack of entropy.
If you see that your system has a low value for available entropy, there are some possible solutions. It is possible to install a daemon that will collect more entropy, for example from the processor. Check your Linux distribution for such daemons.
There is also a nonblocking device: /dev/urandom
This will not wait for entropy. Someone might argue that /dev/random gives better randomness; it is your choice. To use this nonblocking device, edit the following file:
Instructions for Java 11 (TIBCO Spotfire 10.10 or later)
<INSTALLATION ROOT>/jdk/conf/security/java.security
Instructions for Java 8
<INSTALLATION ROOT>/jdk/jre/lib/security/java.security
Replace the securerandom.source entry with:
securerandom.source=file:/dev/urandom
Since Java 9, it is possible to tune more parameters. Read more in the java.security file, in the section "Sun Provider SecureRandom seed source".
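The edit described above can be scripted so that the current setting is checked first and the original file is kept as a backup. This is an added example, not code from the original page or from TIBCO; the function names and the sample file contents are constructed for illustration, and the real path is one of the java.security locations listed above.

```shell
#!/bin/sh
# Added example: inspect and switch securerandom.source in a java.security file.

# Print the effective securerandom.source value (last uncommented entry wins).
get_source() {
    sed -n 's/^[[:space:]]*securerandom\.source[[:space:]]*[=:][[:space:]]*//p' "$1" | tail -n 1
}

# Classify the configured device: blocking, nonblocking, unset or other.
classify_source() {
    case "$(get_source "$1")" in
        file:/dev/random)  echo blocking ;;
        file:/dev/urandom) echo nonblocking ;;
        "")                echo unset ;;
        *)                 echo other ;;
    esac
}

# Back up FILE to FILE.bak, then point securerandom.source at /dev/urandom.
set_urandom() {
    cp -p "$1" "$1.bak" || return 1
    if [ -n "$(get_source "$1")" ]; then
        sed 's|^[[:space:]]*securerandom\.source[[:space:]]*[=:].*|securerandom.source=file:/dev/urandom|' \
            "$1.bak" > "$1"
    else
        printf '%s\n' 'securerandom.source=file:/dev/urandom' >> "$1"
    fi
}

# Demo on a constructed sample file (not a real Spotfire java.security).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/java.security" <<'EOF'
# Sun Provider SecureRandom seed source.
#securerandom.source=file:/dev/urandom
securerandom.source=file:/dev/random
securerandom.strongAlgorithms=NativePRNGBlocking:SUN,DRBG:SUN
EOF
    echo "before: $(classify_source "$dir/java.security")"
    set_urandom "$dir/java.security"
    echo "after:  $(classify_source "$dir/java.security")"
    diff "$dir/java.security.bak" "$dir/java.security" || true
    rm -rf "$dir"
}
demo
```

Commented-out entries are ignored, and every other line in the file is left unchanged, so the diff against the .bak copy should show only the securerandom.source line.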