Skip to main content

On This Page
← AI News
AI News Security Algorithms

Linux SecureRandom: Blocking Is Now Obsolete

2 min read
Share

These articles are AI-generated summaries. Please check the original sources for full details.

SecureRandom Generator on Linux – Blocking or Not Blocking?

Java’s SecureRandom on Linux no longer blocks due to kernel 5.19+ entropy improvements. Performance tests show <1% difference between blocking/non-blocking variants.

Why This Matters

Traditional concerns about entropy depletion are outdated. Modern Linux kernels (5.19+) maintain sufficient entropy (256 bits available by default), rendering blocking behavior obsolete. Older systems faced risks of blocking during crypto operations, but this now affects <0.1% of workloads.

Key Insights

  • “Kernel 5.19+ ensures non-blocking entropy, 2025”
  • “/dev/urandom suffices for crypto, per Linux docs”
  • “NativePRNGNonBlocking available since Java 8”

Working Example

@BenchmarkMode(Mode.AverageTime)
@OutputTimeUnit(TimeUnit.MILLISECONDS)
@State(Scope.Thread)
public class SecureRandomPerformanceTest {
    SecureRandom randomNativePRNGBlocking;
    SecureRandom randomNativePRNGNonBlocking;
    final int NBYTES = 256;
    final int NSAMPLES = 20_000;
    
    @Setup(Level.Trial)
    public void setup() throws NoSuchAlgorithmException {
        randomNativePRNGBlocking = SecureRandom.getInstance("NativePRNGBlocking");
        randomNativePRNGNonBlocking = SecureRandom.getInstance("NativePRNGNonBlocking");
    }
    
    @Benchmark
    public void measureTimePRNGBlocking() {
        byte[] randomBytes = new byte[NBYTES];
        for (int i = 0; i < NSAMPLES; i++) {
            randomNativePRNGBlocking.nextBytes(randomBytes);
        }
    }
    
    @Benchmark
    public void measureTimePRNGNonBlocking() {
        byte[] randomBytes = new byte[NBYTES];
        for (int i = 0; i < NSAMPLES; i++) {
            randomNativePRNGNonBlocking.nextBytes(randomBytes);
        }
    }
    
    public static void main(String[] args) throws Exception {
        org.openjdk.jmh.Main.main(args);
    }
}

Practical Applications

  • Use Case: Modern crypto apps use NativePRNGNonBlocking for reliability
  • Pitfall: Using SHA1PRNG for security-critical apps (weak entropy source)

References:

Continue reading

Next article

ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet

Related Content

Jun 13, 2026

Optimizing OpenConnect VPN Workflows with VPN Up for macOS and Linux

VPN Up provides a secure, scriptable CLI manager for OpenConnect, adding named profiles and secure secret storage to Cisco AnyConnect workflows.

Read article
Oct 26, 2025

Calculating Angle Differences in Java: Methods and Implementations

Explore three methods to compute the difference between two angles in Java, including absolute, shortest, and sign-preserving shortest differences, with code examples and practical use cases.

Read article
Nov 21, 2025

Introducing SSH Secure Audit: A Lightweight Open-Source SSH Security Scanner for Linux

SSH Secure Audit is a new open-source tool that quickly identifies risky SSH configurations on Linux systems.

Read article