tag:blogger.com,1999:blog-6511332025931518473.post6536262540965288763..comments2023-01-23T20:02:45.853+05:30Comments on Sameeksha: Random number generation in Unix & PerformanceShilpi Mitrahttp://www.blogger.com/profile/13683221740304662904noreply@blogger.comBlogger8125tag:blogger.com,1999:blog-6511332025931518473.post-90468525548342576292014-09-10T10:08:19.044+05:302014-09-10T10:08:19.044+05:30Hi Shilpi,
I followed your Solutions and the CF 1...Hi Shilpi,<br /><br />I followed your Solutions and the CF 10 cfhttp called is still very slow. I am running on CentOS 6. What Linux did you test this? <br /><br />Thanks. JDhttps://www.blogger.com/profile/02302686786352553159noreply@blogger.comtag:blogger.com,1999:blog-6511332025931518473.post-42490833961471503022013-10-04T19:45:01.375+05:302013-10-04T19:45:01.375+05:30I tried solution #1 with rngd on CentOS without an...I tried solution #1 with rngd on CentOS without any positive result. The CFHTTP calls still take much longer than on our dev machine which is running CF9.<br />On CF10 the first CFHTTP is fast (0.1seconds), all others are very slow (about 5seconds for google.com) - entropy_avail is good filled with about 3.8k-4k<br />Before we installed rngd it dropped to about 150 or 300 sometimes. But the lack of entropy is most likely not the reason why the CFHTTP calls get throttled.<br />Using /dev/./urandom (solutions #2,#3,#4 lol) reads like it is a unsecure workaround, which I cannot use.Seybsenhttps://www.blogger.com/profile/17459166802191262202noreply@blogger.comtag:blogger.com,1999:blog-6511332025931518473.post-51980926103343304842013-07-26T13:48:44.868+05:302013-07-26T13:48:44.868+05:30The difference between /dev/random and /dev/urando...The difference between /dev/random and /dev/urandom is that <br />/dev/random provides a limited (but relatively large) number of random bytes, and will block waiting that the kernel gives some more if the buffer is outrun, <br /><br />This is false on any platform where one should be running code intended for security: see https://en.wikipedia.org/wiki//dev/random#FreeBSD for details<br /><br />It should be noted that Linux's random number subsystem is generally considered insecure for most purposes.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-6511332025931518473.post-57054743943221600992013-07-23T20:28:42.206+05:302013-07-23T20:28:42.206+05:30I have personally not tried or researched on tools...I have personally not tried or researched on tools to introduce entropy. However Wikipedia recommends some of tools for various operating systems. <br /><br />ShilpiShilpi Mitrahttps://www.blogger.com/profile/13683221740304662904noreply@blogger.comtag:blogger.com,1999:blog-6511332025931518473.post-10673465087409730352013-06-13T23:11:47.257+05:302013-06-13T23:11:47.257+05:30If using solution #1, what third-party tools do yo...If using solution #1, what third-party tools do you recommend to introduce sufficient random entropy into one's system?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-6511332025931518473.post-53702128298134923942012-12-15T10:54:14.236+05:302012-12-15T10:54:14.236+05:30Thanks for sharing this. I was finding scenarios w...Thanks for sharing this. I was finding scenarios where SHA1PRNG was used.Shilpi Mitrahttps://www.blogger.com/profile/13683221740304662904noreply@blogger.comtag:blogger.com,1999:blog-6511332025931518473.post-18463734270227063972012-12-15T08:34:29.012+05:302012-12-15T08:34:29.012+05:30There is actually more to it as to where the rando...There is actually more to it as to where the random bits come from. Oracle JDK has several different PRNG implementations, depending on the OS and configuration: PKCS11, NativePRNG, SHA1PRNG, MSCAPI's WINDOWS-PRNG. The workaround you've described is only applicable to SHA1PRNG.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-6511332025931518473.post-6618367940296495812012-04-13T15:52:00.238+05:302012-04-13T15:52:00.238+05:30Excellent post Shilpi! I am sure this will help a ...Excellent post Shilpi! I am sure this will help a lot of peopleRupesh Kumarhttps://www.blogger.com/profile/11403172559407967918noreply@blogger.com