java slow : entropy related issue

Question

I am running into an issue where java is slow when used over SSL. The solution is to add

-Djava.security.egd=file:/dev/./urandom

to java at the command line. Since I

Answer 1

I wouldn't recommend using urandom for SSL. Your problem is that your machine doesn't have enough entropy and using urandom doesn't solve this problem. Assuming your on Linux you can check the available entropy with:

cat /proc/sys/kernel/random/entropy_avail

If you are on a machine that has a hw random number generator you most probably want to install rngd. You can check if your cpu has one by issuing the command:

cat /proc/cpuinfo

Look for flags called rand. You can also check if the file /dev/hwrng is present. You might have/want to load the corresponding module:

ls /lib/modules/*/kernel/drivers/char/hw_random

For me this is:

sudo modprobe tpm-rng

To make it permanent:

echo tpm-rng | sudo tee -a /etc/modules

If you happen to be on Ubuntu/Debian just install the package rng-tools.

sudo aptitude install rng-tools

If you check your entropy before and after installing rng-tools you should see a significant increase.

The following command should show you available entropy sources:

sudo rngd -f -r /dev/hwrng -v

Note that if you need better security you want to mix multiple entropy sources. Not sure rng-tools supports this.