java: Faster random generator in Tomcat 7

Notice: this page is a translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/7554831/

Date: 2020-10-30 20:28:10  Source: igfitidea

Faster random generator in Tomcat 7

java tomcat

Asked by kayahr

I have the problem that Tomcat 7 is terribly slow on startup. I found this in the log file:

INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [12,367] milliseconds.

Security is important, sure, but not on my development machine. I could perfectly live with a standard fast random number generator. So I don't need this ridiculously slow SecureRandom implementation.

Question is: How can I disable it? I searched for a solution but only found some deprecated info about a randomClass attribute which can be set to java.util.Random. I also found out that this attribute seems to be named secureRandomClass now in Tomcat 7. I tried to set it to java.util.Random but this fails because Tomcat 7 casts the object to java.util.SecureRandom (And it's also documented that the specified class must extend java.util.SecureRandom, so it's no longer possible to use java.util.Random instead.)

So how can I get rid of this terribly slow random number generator startup so my development tomcat starts/restarts as fast as possible?

Accepted answer by mikera

You probably need to patch Tomcat.

Though as a hack, you could always try extending java.util.SecureRandom with something that wraps a standard java.util.Random instance....... this would get past the cast problem at least.

One other thought.... could the slowdown be due to an exhausted entropy pool? You might want to try getting more entropy into the pool, this might make it go really fast.

Answer by levsa

According to the TomCat Wiki, you can use a non-blocking entropy source:

"There is a way to configure JRE to use a non-blocking entropy source by setting the following system property: -Djava.security.egd=file:/dev/./urandom"

Answer by wLSbj

You might need to install Haveged on your server.

Tomcat is using SecureRandom to generate secure id on startup, and SecureRandom is using /dev/random or /dev/urandom to generate random number.

In some headless linux environment, /dev/random entropy pools might produce low quality of randomness and respond very slow on generating random number.

There is a good article explaining how Haveged can solve this problem.

how-to-setup-additional-entropy-for-cloud-servers-using-haveged

Answer by yuceel

Just find securerandom.source=... in the $JAVA_PATH/jre/lib/security/java.security file and change it to securerandom.source=file:/dev/./urandom

https://stackoverflow.com/a/26432537/450586

Answer by drop table

Old problem, but still around... In my case with an embedded Tomcat.

The -Djava.security.egd=file:/dev/./urandom solution did not work for me. So I googled until understanding the issue, but after a few tests with lsof it was apparent that the workaround doesn't work anymore. A quick look at the code confirmed that the current implementation ignores this system property.

The problem is Tomcat blocking on /dev/random, so I looked for ways to add entropy to the system and found this answer which worked great! In Debian as root:

apt-get install rng-tools
rngd -r /dev/urandom     # Run once during system start up

It may not be as super-duper-secure, but in my opinion it is more than enough for session id generation.

By the way, I ended up using Jetty. Much quicker if you don't need all the features of Tomcat.
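
To check whether the settings discussed in the answers above are in effect on a given JVM, the following diagnostic prints java.security.egd and securerandom.source and times how long the first random bytes take for the SHA1PRNG algorithm named in the log line. It is an added example, not code from any answer or from Tomcat; the class name and the 1000 ms warning threshold are assumptions.

```java
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;

/** Added diagnostic; the class name is hypothetical and not part of Tomcat. */
public class SecureRandomStartupCheck {

    // Assumed threshold for calling seeding "slow"; adjust to taste.
    static final long SLOW_MS = 1000;

    /** Creates a generator, draws 16 bytes to force seeding, returns elapsed ms. */
    static long timeFirstBytes(String algorithm) throws NoSuchAlgorithmException {
        long start = System.nanoTime();
        SecureRandom sr = (algorithm == null)
                ? new SecureRandom()                   // platform default
                : SecureRandom.getInstance(algorithm); // e.g. SHA1PRNG, as in the log
        sr.nextBytes(new byte[16]); // SHA1PRNG seeds itself on this first call
        long ms = (System.nanoTime() - start) / 1_000_000;
        System.out.printf("%-12s provider=%-8s first bytes after %d ms%n",
                sr.getAlgorithm(), sr.getProvider().getName(), ms);
        return ms;
    }

    public static void main(String[] args) throws Exception {
        // The two settings the answers change: a -D system property and
        // the securerandom.source entry of the java.security file.
        System.out.println("java.version        = " + System.getProperty("java.version"));
        System.out.println("java.security.egd   = " + System.getProperty("java.security.egd"));
        System.out.println("securerandom.source = " + Security.getProperty("securerandom.source"));

        // Measure SHA1PRNG first: once the JVM has gathered seed material,
        // later generators in the same process may start much faster.
        long sha1 = timeFirstBytes("SHA1PRNG");
        long dflt = timeFirstBytes(null);

        if (sha1 > SLOW_MS || dflt > SLOW_MS) {
            System.out.println("Seeding was slow: the JVM is probably waiting on a blocking entropy source.");
        } else {
            System.out.println("Seeding was fast with the current settings.");
        }
    }
}
```

Run it once without options and once with -Djava.security.egd=file:/dev/./urandom, on the machine where Tomcat starts slowly, and compare the two timings.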

Answer by user2781824

If your hardware supports it try using Java RdRand Utility available at: http://code.google.com/p/lizalab-rdrand-util/

It's based on Intel's RDRAND instruction and is about 10 times faster than SecureRandom and has no bandwidth issues for large volume implementation.

Full disclosure, I'm the author of the utility.
