Problem
A JS7 - Credential Store can be used in a number of places. If access to a Credential Store is slow, the likely cause is a problem with your entropy pool settings. This problem occurs mainly on Unix operating systems and is not related to JS7.
The article explains why this happens and what you can do about it.
Entropy Pool Issues
The connection to a Credential Store requires random numbers to encrypt the connection. Java releases before 12 use the /dev/random file as a high-quality source of randomness. However, when the entropy pool falls below 64 units, /dev/random will block while reading random numbers.
Java can be configured to read from the file /dev/urandom to get random numbers. The difference from the /dev/random file is that /dev/urandom does not block if random numbers are not immediately available.
Check Entropy Pool Issues (Unix)
Check Entropy Pool Configuration
You can check available entropy pool units with the command:
...
The /dev/random file will deliver the next random number when the pool has reached more than 64 entropy units and otherwise blocks any application accessing the entropy pool. Such blocks can substantially delay access to a Credential Store.
Check Temporary Resolution
To verify that the entropy pool is the root cause of this issue, try this (requires root permission):
...
If this solves your problem then the connection to the Credential Store was not able to get random numbers from the OS in good time. Please note that the effect of the given commands is reverted on reboot.
Monitor Entropy Pool Use
You can check use of random numbers by running the following commands in two separate console windows:
...
```
# initial test
dd if=/dev/random of=/dev/null bs=1024 count=1 iflag=fullblock

# full test (should rngtest be available)
rngtest -c 100 </dev/random
```
Resolve Entropy Pool Issues
There are two alternative solutions: modifying the Java security settings or modifying the Java options in use.
Both solutions apply to Unix and Windows operating systems.
Modify Java Security Configuration
Java holds the security configuration in files such as ./jre/lib/security/java.security or ./conf/security/java.security. The specific location depends on the Java version in use. You can modify this file to point to /dev/urandom instead of /dev/random like this:
```
# original configuration
# securerandom.source=file:/dev/random

# updated configuration
securerandom.source=file:/dev/urandom
```
Modify Java Options
Modify the JAVA_OPTIONS environment variable for use with an Agent like this:
```
JAVA_OPTIONS="-Djava.security.egd=file:///dev/urandom"
```
Further information can be found in the JS7 - How To - Apply Java Options article.
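To check which of the two settings described above is in effect for a given Java installation, the following added example (not part of the original article or of JS7) reads a java.security file and a JAVA_OPTIONS string and reports the resulting random source. The function names and the sample file are constructed for illustration; it assumes that the java.security.egd system property, when set, takes precedence over the securerandom.source entry.

```shell
#!/bin/sh
# Added example: report which random source a JVM is configured to use.
# Function names and the sample java.security excerpt are constructed.

# Print the active (uncommented) securerandom.source value of a java.security file.
# As in any Java properties file, the last definition wins.
securerandom_source() {
    sed -n 's/^[[:space:]]*securerandom\.source[[:space:]]*[=:][[:space:]]*//p' "$1" | tail -n 1
}

# Print the value of -Djava.security.egd=... from an options string, if present.
egd_override() {
    for opt in $1; do
        case "$opt" in
            -Djava.security.egd=*) printf '%s\n' "${opt#-Djava.security.egd=}" ;;
        esac
    done | tail -n 1
}

# Assumption: the system property, when set, overrides the java.security entry.
effective_source() {
    egd=$(egd_override "$2")
    if [ -n "$egd" ]; then printf '%s\n' "$egd"; else securerandom_source "$1"; fi
}

# Classify a source URL: /dev/random can block (Java releases before 12),
# /dev/urandom does not.
classify_source() {
    case "$1" in
        file:*/dev/urandom) echo non-blocking ;;
        file:*/dev/random)  echo blocking ;;
        *)                  echo unknown ;;
    esac
}

# Constructed sample: a java.security excerpt still pointing at /dev/random.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# securerandom.source=file:/dev/urandom
securerandom.source=file:/dev/random
EOF

src=$(effective_source "$sample" "")
echo "java.security only: $src ($(classify_source "$src"))"
src=$(effective_source "$sample" "-Xmx256m -Djava.security.egd=file:///dev/urandom")
echo "with JAVA_OPTIONS:  $src ($(classify_source "$src"))"
```

To check a real installation, pass the path of its java.security file and the value of "$JAVA_OPTIONS" to effective_source instead of the constructed sample.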