Is your WebLogic Server slooow? Might be because of low entropy

Peter Lorenzen
05/02-2013

I have written a new more detailed post about this :-)

{ 6 comments… read them below or add one }

Jacco H. Landlust February 13, 2013 at 23:07

Usually I change securerandom.source in $JAVA_HOME/jre/lib/security/java.security to file:/dev/./urandom . This means that whoever runs WLS doesn’t have to bother about this parameter :) It is supposed to be a little less random than /dev/random , but I really don’t know what is the real risk in that.

Also I noticed that you have more issues with slowness caused by low entropy on VM’s than on physical hardware.

Anyway, great post. You have a new subscription to your blog :)

Peter Lorenzen February 14, 2013 at 20:20

Thanks Jacco. I updated the post with your tip :-)

KM May 9, 2013 at 17:11

Hi Peter,

Could you please expand on why

MEM_ARGS=”${MEM_ARGS} -Djava.security.egd=file:/dev/./urandom”

should not be used in production … ? Is it because the setDomain.sh gets overwritten? Performance issues?

I’m using

-Djava.security.egd=file:/dev/./urandom

in java.security with “securesource.source=file:/dev/urandom” commented out, which seems to work, but is that the right way of doing things?

Many thanks!

Peter Lorenzen May 10, 2013 at 09:57

Hi,
It is not real random numbers so it is not as secure. I do not know how big a risk this is.
Oracle writes “Note that this workaround should not be used in production environments because it uses pseudo-random numbers instead of genuine random numbers.”
http://docs.oracle.com/cd/E24329_01/doc.1211/e26593/issues.htm#BCFJJHAJ
Regards Peter

Edwin Biemond September 15, 2013 at 19:39

Hi,

Great post, rngd also helps for me

# install the package, its probably already there
yum install rng-tools

After installation you can try to start and get such error:
service rngd start

Starting rngd: can’t open entropy source(tpm or intel/amd rng)
Maybe RNG device modules are not loaded

Edit /etc/sysconfig/rngd
EXTRAOPTIONS=”-r /dev/urandom -o /dev/random -b”

# start the service
service rngd start

# also when it reboots
chkconfig rngd on

# check the settings
chkconfig –list rngd

Thanks

Peter Lorenzen September 15, 2013 at 20:00

Thanks for the tip Edwin :-)

Leave a Comment

{ 3 trackbacks }

Previous post:

Next post: