From: Daniel Fisher
To: freebsd-java@freebsd.org
Date: Tue, 21 Oct 2003 11:17:43 -0400
Organization: Virginia Tech
Subject: Re: file:/dev/random generated exception: null

On Mon, 20 Oct 2003 17:23:51 -0600
Greg Lewis wrote:

> On Mon, Oct 20, 2003 at 11:08:39AM -0400, Daniel Fisher wrote:
> > Looks like you ran out of random bytes in /dev/random, which is not
> > uncommon.
> > If you want to avoid this error use /dev/urandom.
> > -Djava.security.egd=file:/dev/urandom
>
> However, doing so will get you much lower quality random numbers.
> Depending on how much you value security this may not be acceptable.
> I'd try rndcontrol(8) first, as Alexey mentioned.

In my experience /dev/urandom is the only way to guarantee that ssl
connections do not fail due to lack of random bytes.
This is a common problem on servers which make a lot of separate ssl
connections and cannot gather enough entropy to keep up.
However, if the load on your application allows using /dev/random you
should do so.
Just keep in mind you may see these errors every so often.

There are also other ways to gather entropy, but I can't vouch for them:
http://egd.sourceforge.net/

--
Daniel Fisher
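
To see which seed source a JVM is actually using and whether reads from it stall, as discussed in the message above, a small diagnostic can be run with and without the `-Djava.security.egd=...` flag. This is an added example, not code from the thread; the class name `EntropySourceCheck` and the 2-second threshold are assumptions, and it needs Java 8 or later.

```java
import java.security.SecureRandom;
import java.security.Security;
import java.util.concurrent.*;

/** Added diagnostic (hypothetical class name): reports the seed source and flags slow seeding. */
public class EntropySourceCheck {
    // Assumed threshold: a seed read that takes longer than this is reported as blocked.
    static final long TIMEOUT_MS = 2000;

    public static void main(String[] args) throws Exception {
        // The command-line property from the thread, and the matching
        // entry in the JVM's java.security file (null when unset).
        String egd = System.getProperty("java.security.egd");
        String src = Security.getProperty("securerandom.source");
        System.out.println("java.security.egd   = " + egd);
        System.out.println("securerandom.source = " + src);

        SecureRandom sr = new SecureRandom();
        System.out.println("algorithm/provider  = "
                + sr.getAlgorithm() + "/" + sr.getProvider().getName());

        // Run the seed read on a daemon thread so a blocked read
        // cannot keep the JVM alive after the timeout fires.
        ExecutorService pool = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, "seed-probe");
            t.setDaemon(true);
            return t;
        });
        long start = System.nanoTime();
        // generateSeed() asks the provider's seed generator for fresh seed bytes.
        Future<byte[]> seed = pool.submit(() -> sr.generateSeed(32));
        try {
            seed.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
            long ms = (System.nanoTime() - start) / 1_000_000;
            System.out.println("32 seed bytes read in " + ms + " ms");
        } catch (TimeoutException e) {
            System.out.println("seed read still blocked after " + TIMEOUT_MS
                    + " ms: the configured source cannot keep up");
            System.exit(1);
        } finally {
            pool.shutdownNow();
        }
    }
}
```

Run it as `java EntropySourceCheck` and again as `java -Djava.security.egd=file:/dev/urandom EntropySourceCheck` on the affected server to compare the reported source and the read time.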