file:/dev/random generated exception: null

Matthew Seaman m.seaman at infracaninophile.co.uk
Tue Oct 21 08:46:22 PDT 2003 

On Tue, Oct 21, 2003 at 11:17:43AM -0400, Daniel Fisher wrote:
> On Mon, 20 Oct 2003 17:23:51 -0600
> Greg Lewis <glewis at eyesbeyond.com> wrote:
> 
> > On Mon, Oct 20, 2003 at 11:08:39AM -0400, Daniel Fisher wrote:
> > > Looks like you ran out of random bytes in /dev/random, which is not
> > > uncommon.
> > > If you want to avoid this error use /dev/urandom.
> > > -Djava.security.egd=file:/dev/urandom
> > 
> > However, doing so will get you much lower quality random numbers.
> > Depending on how much you value security this may not be acceptable.
> > I'd try rndcontrol(8) first, as Alexey mentioned.
> 
> In my experience /dev/urandom is the only way to guarantee that ssl
> connections do not fail due to lack of random bytes.
> This is a common problem on servers which make a lot of separate ssl
> connections and cannot gather enough entropy to keep up.
> However, if the load on your application allows using /dev/random you
> should do so.
> Just keep in mind you may see these errors every so often.
> There are also other ways to gather entropy, but I can't vouch for them:
> http://egd.sourceforge.net/

egd just does in user space essentially what the kernel does in kernel
space to provide the entropy used for /dev/random.

If your system is a heavy user of randomness, and normal interrupt
activity isn't enough to keep up with demand, then you'll have to
provide an external source of randomness.  Some motherboard chipsets
nowadays have a built in random source -- which is just a diode that
gives you a 50-50 chance of being conductive at any time -- or you can
use certain Crypto accelerator cards: see ubsec(4) and hifn(4).

Alternatively this is the excuse you need to requisition that lava
lamp without which no contemporary machine room could be considered
complete...

    http://www.lavarnd.org/

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-java/attachments/20031021/c626ff17/attachment.bin

More information about the freebsd-java mailing list