ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jiayi Liu (Jira)" <j...@apache.org>
Subject [jira] [Created] (RANGER-2700) creating service sometimes fails because SecureRandom.getInstanceStrong() is very slow
Date Tue, 14 Jan 2020 07:23:00 GMT
Jiayi Liu created RANGER-2700:
---------------------------------

             Summary: creating service sometimes fails because SecureRandom.getInstanceStrong()
is very slow
                 Key: RANGER-2700
                 URL: https://issues.apache.org/jira/browse/RANGER-2700
             Project: Ranger
          Issue Type: Improvement
          Components: admin
    Affects Versions: ranger-2.0
            Reporter: Jiayi Liu


I try to install ranger-2.0.0 on my cluster, however when I try to create a new service in
WebUI, I often get an error that createService failed. I try to debug through the source code,
and found that it stuck on generateBase64EncodedIV() in PasswordUtils.java. It uses SecureRandom.getInstanceStrong()
to get the random byte array. We can find a lot of information showing that this function
often blocks and is very slow. SecureRandom.getInstanceStrong() uses /dev/random, and /dev/random
blocks the thread if there isn't enough randomness available, but /dev/urandom will never
block. SecureRandom.getInstanceStrong() is equivalent to SecureRandom.getInstance("NativePRNGBlocking"),
and we can use /dev/urandom by replacing ecureRandom.getInstanceStrong() to SecureRandom.getInstance("NativePRNGNonBlocking").
/dev/random and /dev/urandom use the same pool of randomness under the hood, and they are
equally secure. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message