Providing Entropy To JVM
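I have been experimenting with the BouncyCastle API for Java and slowly reading through their "Java Cryptography - Tools and Techniques" e-book. The book contains a short section titled "A Word About Entropy", which states the following: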
What the JVM is using as an entropy source will vary, on Linux for example, it is normally set to “/dev/random” which may block. Usually installing “rng-tools” or the nearest equivalent will deal with this as it will also expose any underlying hardware supporting RNG generation to be used for seeding “/dev/random”. With some virtual environments hardware RNG may never be available, in that case it is important to find other ways of making entropy available to your JVM. Ways of doing this will vary with the environment you are using.
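I may be misunderstanding what this excerpt means, but how exactly can I make entropy available to the JVM? The book isn't specific about this beyond stating "Ways of doing this will vary with the environment you are using". Is there some kind of entropy SPI I'm not aware of that can be used to provide an entropy source to the JVM? My question is not how to generate entropy or retrieve it from the JVM, but rather: if I already know of and have access to a reliable entropy source (such as a file of random bits), how do I make this entropy source available to the JVM so that it can be used for seeding when no other secure entropy source is available?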
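This may vary by JVM vendor, but according to "Avoiding JVM Delays Caused by Random Number Generation", for the Sun/Oracle JVM you can set the securerandom.source property in the $JAVA_HOME/jre/lib/security/java.security file. This allows changing the source of entropy, for example from /dev/random to /dev/urandom.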
To add more entropy, simply write to /dev/random. According to this answer, this may be unsafe, however:
It is also possible to write to /dev/random. This allows any user to mix random data into the pool.
I think your quote doesn't accurately reflect at least the Oracle JVM. Here is the Javadoc of the NativePRNG class, which is usually selected by default.
public final class NativePRNG extends java.security.SecureRandomSpi
Native PRNG implementation for Solaris/Linux/MacOS. It obtains seed and random numbers by reading system files such as the special device files /dev/random and /dev/urandom. This implementation respects the securerandom.source Security property and java.security.egd System property for obtaining seed material. If the file specified by the properties does not exist, /dev/random is the default seed source. /dev/urandom is the default source of random numbers.
On some Unix platforms, /dev/random may block until enough entropy is available, but that may negatively impact the perceived startup time. By selecting these sources, this implementation tries to strike a balance between performance and security.
As you can see, /dev/urandom rather than /dev/random is the default source of entropy.
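To see which seed source a given JVM actually uses, and to mix a file of random bits into a SecureRandom, the following check can be run. It is an added example, not code from either answer or from the BouncyCastle book; the class name EntropySourceCheck and the optional file-path argument are assumptions made for illustration.

```java
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;

// Hypothetical diagnostic class (name is an assumption, not a JDK or BouncyCastle API).
public class EntropySourceCheck {
    public static void main(String[] args) throws Exception {
        // Security property comes from the java.security file,
        // System property from -Djava.security.egd=... on the command line.
        System.out.println("securerandom.source = " + Security.getProperty("securerandom.source"));
        System.out.println("java.security.egd   = " + System.getProperty("java.security.egd"));

        SecureRandom rng = new SecureRandom();
        System.out.println("default SecureRandom = " + rng.getAlgorithm()
                + " (" + rng.getProvider().getName() + ")");

        // generateSeed() asks the provider for seed bytes. With NativePRNG these
        // are read from the seed file, so a long delay here points to a blocking source.
        long start = System.nanoTime();
        byte[] seed = rng.generateSeed(32);
        long ms = (System.nanoTime() - start) / 1_000_000;
        System.out.println("generateSeed(32): " + seed.length + " bytes in " + ms + " ms");
        Arrays.fill(seed, (byte) 0);

        // Optional: args[0] is a file of random bits (assumed to be trustworthy).
        if (args.length > 0) {
            byte[] material = new byte[32];
            try (DataInputStream in = new DataInputStream(new FileInputStream(args[0]))) {
                in.readFully(material); // throws EOFException if the file is shorter than 32 bytes
            }
            // Draw output first so the generator has seeded itself. With SHA1PRNG,
            // calling setSeed() before the first nextBytes() would make the supplied
            // bytes the only seed instead of a supplement.
            rng.nextBytes(new byte[1]);
            rng.setSeed(material);
            Arrays.fill(material, (byte) 0);
            System.out.println("mixed 32 bytes from " + args[0] + " into the generator");
        }
    }
}
```

Running it once with the defaults and once with -Djava.security.egd=file:/dev/urandom shows whether the override takes effect and whether seeding still blocks.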