SecureRandom is very slow when executed in remote server | Together Java | Page 1

hearty nebula Jan 2, 2023, 12:14 PM

#

Hello

In the context of building an app to generate 4 digits random code as OTP code, I face something strange: when I try on my local dev environment, the generation is fast, but on server it takes around 15 mins! Any help please?

terse ruinBOT Jan 2, 2023, 12:14 PM

#

<@&987246964494204979> please have a look, thanks.

terse ruinBOT Jan 2, 2023, 12:14 PM

#

terse ruin <@&987246964494204979> please have a look, thanks.

#

While you are waiting for getting help, here are some tips to improve your experience:

Code is much easier to read if posted with syntax highlighting and proper formatting.

If nobody is calling back, that usually means that your question was not well asked and hence nobody feels confident enough answering. Try to use your time to elaborate, provide details, context, more code, examples and maybe some screenshots. With enough info, someone knows the answer for sure.

Don't forget to close your thread using the command </help-thread close:1027500463647621170> when your question has been answered, thanks.

fiery dock Jan 2, 2023, 12:22 PM

#

you might be falling victim to not collecting entropy quickly enough

#

https://stackoverflow.com/questions/137212/how-to-deal-with-a-slow-securerandom-generator

Stack Overflow

How to deal with a slow SecureRandom generator?

If you want a cryptographically strong random numbers in Java, you use SecureRandom. Unfortunately, SecureRandom can be very slow. If it uses /dev/random on Linux, it can block waiting for sufficient

#

we actually had this problem where I work and had to modify the random source

hearty nebula Jan 2, 2023, 12:30 PM

#

fiery dock we actually had this problem where I work and had to modify the random source

Do I use normal random?

fiery dock Jan 2, 2023, 12:31 PM

#

check out the SO post

hearty nebula Jan 2, 2023, 12:55 PM

#

fiery dock check out the SO post

You mean the solution?

fiery dock Jan 2, 2023, 12:55 PM

#

yeah

hearty nebula Jan 2, 2023, 12:57 PM

#

I don't get it, what should I do exactly ?

#

If you want a PRNG, do something like this:

SecureRandom.getInstance("SHA1PRNG");

fiery dock Jan 2, 2023, 12:58 PM

#

yeap try starting with this

hearty nebula Jan 2, 2023, 1:00 PM

#

The problem is: my team doesn't agree on this approach :/ I mean the use of SecureRandom

#

especially now after having this issue

fiery dock Jan 2, 2023, 1:00 PM

#

did you try the solution

#

and see if it improves the situation

hearty nebula Jan 2, 2023, 1:01 PM

#

I can but I have no issue in my local env

#

I want to test on server, but I'm afraid this will not solve the issue

#

btw I think the problem is maybe cause of linux

#

following this answer: https://stackoverflow.com/a/2325109/10000150

#

What do you think?

fiery dock Jan 2, 2023, 1:04 PM

#

the source of the problem is mentioned in many, many replies to that SO, which is the slow default entropy collection on linux machines

#

you don't have the problem locally because you have a different entropy storage, different sources of it and potentially a different OS with different collection algorithms

#

I recommend starting with the approved answer

hearty nebula Jan 2, 2023, 1:10 PM

#

fiery dock you don't have the problem locally because you have a different entropy storage,...

Ahaa

hearty nebula Jan 2, 2023, 3:24 PM

#

Got it! thank you @fiery dock

#SecureRandom is very slow when executed in remote server