Java – How to deal with a slow SecureRandom generator


If you want a cryptographically strong random numbers in Java, you use SecureRandom. Unfortunately, SecureRandom can be very slow. If it uses /dev/random on Linux, it can block waiting for sufficient entropy to build up. How do you avoid the performance penalty?

Has anyone used Uncommon Maths as a solution to this problem?

Can anybody confirm that this performance problem has been solved in JDK 6?

Best Solution

You should be able to select the faster-but-slightly-less-secure /dev/urandom on Linux using:

However, this doesn't work with Java 5 and later (Java Bug 6202721). The suggested work-around is to use:

(note the extra /./)