Linux SecureRandom: Blocking Is Now Obsolete
SecureRandom Generator on Linux – Blocking or Not Blocking?
Java’s SecureRandom on Linux no longer blocks due to kernel 5.19+ entropy improvements. Performance tests show <1% difference between blocking/non-blocking variants.
Why This Matters
Traditional concerns about entropy depletion are outdated. Modern Linux kernels (5.19+) maintain sufficient entropy (256 bits available by default), rendering blocking behavior obsolete. Older systems faced risks of blocking during crypto operations, but this now affects <0.1% of workloads.
Key Insights
- “Kernel 5.19+ ensures non-blocking entropy, 2025”
- “/dev/urandom suffices for crypto, per Linux docs”
- “NativePRNGNonBlocking available since Java 8”
Working Example
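import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.concurrent.TimeUnit;
import org.openjdk.jmh.annotations.*;

// JMH benchmark: average time to draw NSAMPLES buffers of NBYTES bytes
// from the blocking and the non-blocking native generator.
@BenchmarkMode(Mode.AverageTime)
@OutputTimeUnit(TimeUnit.MILLISECONDS)
@State(Scope.Thread)
public class SecureRandomPerformanceTest {
    SecureRandom randomNativePRNGBlocking;
    SecureRandom randomNativePRNGNonBlocking;
    final int NBYTES = 256;
    final int NSAMPLES = 20_000;

    // Create both generators once per trial so instantiation is not measured.
    @Setup(Level.Trial)
    public void setup() throws NoSuchAlgorithmException {
        randomNativePRNGBlocking = SecureRandom.getInstance("NativePRNGBlocking");
        randomNativePRNGNonBlocking = SecureRandom.getInstance("NativePRNGNonBlocking");
    }

    @Benchmark
    public byte[] measureTimePRNGBlocking() {
        byte[] randomBytes = new byte[NBYTES];
        for (int i = 0; i < NSAMPLES; i++) {
            randomNativePRNGBlocking.nextBytes(randomBytes);
        }
        return randomBytes; // returned so JMH consumes the result
    }

    @Benchmark
    public byte[] measureTimePRNGNonBlocking() {
        byte[] randomBytes = new byte[NBYTES];
        for (int i = 0; i < NSAMPLES; i++) {
            randomNativePRNGNonBlocking.nextBytes(randomBytes);
        }
        return randomBytes; // returned so JMH consumes the result
    }

    // Hand the command-line arguments to the JMH runner.
    public static void main(String[] args) throws Exception {
        org.openjdk.jmh.Main.main(args);
    }
}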
Practical Applications
- Use Case: Modern crypto apps use NativePRNGNonBlocking for reliability
- Pitfall: Using SHA1PRNG for security-critical apps (weak entropy source)
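One way to apply the use case and the pitfall above in application code, as an added example that is not part of the original article. The class name SecureRandomSelection and the method preferredSecureRandom are hypothetical; the fallback policy (use the JDK default only if it is not SHA1PRNG) is an assumption of this example.

```java
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.util.TreeSet;

// Added example (hypothetical names), not code from the article.
public class SecureRandomSelection {

    /** Returns NativePRNGNonBlocking when available, otherwise a vetted platform default. */
    static SecureRandom preferredSecureRandom() {
        try {
            return SecureRandom.getInstance("NativePRNGNonBlocking");
        } catch (NoSuchAlgorithmException e) {
            // No installed provider offers it (the NativePRNG* family is Unix-only).
        }
        SecureRandom fallback = new SecureRandom(); // JDK default for this platform
        if ("SHA1PRNG".equalsIgnoreCase(fallback.getAlgorithm())) {
            // The pitfall named above: fail loudly instead of using it silently.
            throw new IllegalStateException(
                "default SecureRandom resolved to SHA1PRNG; select an OS-backed algorithm");
        }
        return fallback;
    }

    public static void main(String[] args) {
        // Report what this JVM offers and how its seed source is configured.
        System.out.println("SecureRandom algorithms: "
            + new TreeSet<>(Security.getAlgorithms("SecureRandom")));
        System.out.println("securerandom.source = "
            + Security.getProperty("securerandom.source"));
        System.out.println("java.security.egd   = "
            + System.getProperty("java.security.egd"));

        SecureRandom rng = preferredSecureRandom();
        System.out.println("selected: " + rng.getAlgorithm()
            + " (provider " + rng.getProvider().getName() + ")");

        byte[] key = new byte[32]; // constructed sample use: 256 bits of key material
        rng.nextBytes(key);
        System.out.println("drew " + key.length + " random bytes");
    }
}
```

Logging the selected algorithm and provider at startup makes it visible in deployment logs when a host falls back to something other than NativePRNGNonBlocking.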