java slow : entropy related issue

Question

I am running into an issue where java is slow when used over SSL. The solution is to add

-Djava.security.egd=file:/dev/./urandom

to java at the command line. Since I

Answer 1

This is actually a hack introduced into the JVM back in 1.3 or 1.4 days

http://bugs.sun.com/view_bug.do?bug_id=4705093

http://bugs.sun.com/view_bug.do?bug_id=6202721

The basic issue is that in the native JVM code they hardcoded /dev/urandom to actually use /dev/random to attempt to ensure sufficient entropy. Since /dev/urandom is supposed to be guaranteed not to block, this has the unintended consequence of blocking if not enough entropy is available.

The hardcoding looks specifically for the string /dev/urandom, so providing something that resolves to the same thing but doesn't match that causes the desired behavior. If you code /dev/./urandom you bypass the hardcoded aliasing and get to the intended urandom entropy source.