-
Notifications
You must be signed in to change notification settings - Fork 426
SecureRandom: Improving Performance
Note: The following is only applicable to linux distros
Within the driver, the use of the SecureRandom class has the potential of impacting query performance when using Always Encrypted with secure enclaves. As described in the documentation, SecureRandom may "...block as entropy is being gathered.." in order to build up sufficient entropy to generate a random value.
SecureRandom reads from /dev/random which blocks. Instead, use /dev/urandom which doesn't block.
Solution 1. Edit java.security in your Java installation
In your Java installation, edit the file jre/lib/security/java.security to use /dev/urandom. Note that it is set as /dev/./urandom. For example, do the following:
securerandom.source=file:/dev/./urandom
Solution 2. Set /dev/urandom for java.security.egd JVM option
Pass in /dev/urandom as a JVM option like the following:
-Djava.security.egd=file:/dev/./urandom
In order to improve entropy to prevent blocking when reading from /dev/random, installing the haveged daemon will continuously collect entropy/noise.
For Ubuntu or Debian execute the following commands:
- apt-get install haveged
- update-rc.d haveged defaults
- service haveged start
For RHEL or CentOS execute the following commands:
- yum install haveged
- systemctl enable haveged
- systemctl start haveged