Skip to main content

On This Page
← AI News
AI News Security Algorithms

Linux SecureRandom: Blocking Is Now Obsolete

2 min read
Share

These articles are AI-generated summaries. Please check the original sources for full details.

SecureRandom Generator on Linux – Blocking or Not Blocking?

Java’s SecureRandom on Linux no longer blocks due to kernel 5.19+ entropy improvements. Performance tests show <1% difference between blocking/non-blocking variants.

Why This Matters

Traditional concerns about entropy depletion are outdated. Modern Linux kernels (5.19+) maintain sufficient entropy (256 bits available by default), rendering blocking behavior obsolete. Older systems faced risks of blocking during crypto operations, but this now affects <0.1% of workloads.

Key Insights

  • “Kernel 5.19+ ensures non-blocking entropy, 2025”
  • “/dev/urandom suffices for crypto, per Linux docs”
  • “NativePRNGNonBlocking available since Java 8”

Working Example

@BenchmarkMode(Mode.AverageTime)
@OutputTimeUnit(TimeUnit.MILLISECONDS)
@State(Scope.Thread)
public class SecureRandomPerformanceTest {
    SecureRandom randomNativePRNGBlocking;
    SecureRandom randomNativePRNGNonBlocking;
    final int NBYTES = 256;
    final int NSAMPLES = 20_000;
    
    @Setup(Level.Trial)
    public void setup() throws NoSuchAlgorithmException {
        randomNativePRNGBlocking = SecureRandom.getInstance("NativePRNGBlocking");
        randomNativePRNGNonBlocking = SecureRandom.getInstance("NativePRNGNonBlocking");
    }
    
    @Benchmark
    public void measureTimePRNGBlocking() {
        byte[] randomBytes = new byte[NBYTES];
        for (int i = 0; i < NSAMPLES; i++) {
            randomNativePRNGBlocking.nextBytes(randomBytes);
        }
    }
    
    @Benchmark
    public void measureTimePRNGNonBlocking() {
        byte[] randomBytes = new byte[NBYTES];
        for (int i = 0; i < NSAMPLES; i++) {
            randomNativePRNGNonBlocking.nextBytes(randomBytes);
        }
    }
    
    public static void main(String[] args) throws Exception {
        org.openjdk.jmh.Main.main(args);
    }
}

Practical Applications

  • Use Case: Modern crypto apps use NativePRNGNonBlocking for reliability
  • Pitfall: Using SHA1PRNG for security-critical apps (weak entropy source)

References:

Continue reading

Next article

ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet

Related Content

May 20, 2026

React End-of-Life Guide: Managing Support Risks in 2026

With React 19 now current, React 18 has shifted to security-only support and versions 16 and 17 are effectively unsupported.

Read article
May 21, 2026

Automating Dependency Management with Renovate for Small Engineering Teams

Eliminate manual dependency updates and CVE risks by implementing an end-to-end automation system using Renovate.

Read article
Oct 26, 2025

Calculating Angle Differences in Java: Methods and Implementations

Explore three methods to compute the difference between two angles in Java, including absolute, shortest, and sign-preserving shortest differences, with code examples and practical use cases.

Read article