Jump to content
  • Spotfire Server running on Linux might be slowed down because there isn't enough entropy in the system


    When something is about to be encrypted a random number is needed. In order to create something random the operating system needs to find something which is can be used as a basis for that random number, often called entropy

    Introduction

    When something is about to be encrypted a random number is needed. In order to create something random the operating system needs to find something which is can be used as a basis for that random number, often called entropy. There are different sources, for example, the timing of keyboard events. When running in headless mode, without user interaction there are not as many sources for entropy. If there isn't enough entropy for a Linux server things might run slower.

    For Linux there are two sources of entropy:

    • /dev/random
    • /dev/urandom

    The first should give better randomness but is blocking. If there isn't enough randomness then operations will simply wait. For a nonheadless system, more randomness can be "harvested" based on mouse movement and key presses.

    It is possible to check how much entropy is available. Do

     cat /proc/sys/kernel/random/entropy_avail
     

     

    Hopefully, this will show a value above 100-200, all the time. If you want to test this, try to run

     cat /dev/random
     

    You will probably see that it will stop generating output and then some more characters will be generated from time to time. The pauses are caused by a lack of entropy.

    If you see that their system has a low value for available entropy then there are some possible solutions. It is possible to install a daemon that will collect more entropy for example from the processor. Check the Linux distribution for such daemons.

    There is also a nonblocking device: /dev/urandom

    This will not wait for entropy. Someone might argue that /dev/random gives better randomness, it is your choice. To use this nonblocking device, edit the file

    Instructions for Java 11 (TIBCO Spotfire 10.10 or later)
     

     <INSTALLATION ROOT>/jdk/conf/security/java.security
     

     

    Instructions for Java 8

     <INSTALLATION ROOT>/jdk/jre/lib/security/java.security
     

    replace securerandom.source entry with

     securerandom.source=file:/dev/urandom
     

    Since Java 9 it is possible to tune more parameters. Read more in the java.security file in the section "Sun Provider SecureRandom seed source".


    User Feedback

    Recommended Comments

    There are no comments to display.


×
×
  • Create New...