You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Jiayi Liu (Jira)" <ji...@apache.org> on 2020/01/14 07:28:00 UTC
[jira] [Updated] (RANGER-2700) creating service sometimes fails
because SecureRandom.getInstanceStrong() is very slow
[ https://issues.apache.org/jira/browse/RANGER-2700?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jiayi Liu updated RANGER-2700:
------------------------------
Description:
I try to install ranger-2.0.0 on my cluster, however when I try to create a new service in WebUI, I often get an error that createService failed.
I try to debug through the source code, and found that it stuck on generateBase64EncodedIV() in PasswordUtils.java. It uses SecureRandom.getInstanceStrong() to get the random byte array. We can find a lot of information showing that this function often blocks and is very slow. SecureRandom.getInstanceStrong() uses /dev/random, and /dev/random blocks the thread if there isn't enough randomness available, but /dev/urandom will never block.
SecureRandom.getInstanceStrong() is equivalent to SecureRandom.getInstance("NativePRNGBlocking"), and we can use /dev/urandom by replacing ecureRandom.getInstanceStrong() to SecureRandom.getInstance("NativePRNGNonBlocking"). /dev/random and /dev/urandom use the same pool of randomness under the hood, and they are equally secure.
was:I try to install ranger-2.0.0 on my cluster, however when I try to create a new service in WebUI, I often get an error that createService failed. I try to debug through the source code, and found that it stuck on generateBase64EncodedIV() in PasswordUtils.java. It uses SecureRandom.getInstanceStrong() to get the random byte array. We can find a lot of information showing that this function often blocks and is very slow. SecureRandom.getInstanceStrong() uses /dev/random, and /dev/random blocks the thread if there isn't enough randomness available, but /dev/urandom will never block. SecureRandom.getInstanceStrong() is equivalent to SecureRandom.getInstance("NativePRNGBlocking"), and we can use /dev/urandom by replacing ecureRandom.getInstanceStrong() to SecureRandom.getInstance("NativePRNGNonBlocking"). /dev/random and /dev/urandom use the same pool of randomness under the hood, and they are equally secure.
> creating service sometimes fails because SecureRandom.getInstanceStrong() is very slow
> --------------------------------------------------------------------------------------
>
> Key: RANGER-2700
> URL: https://issues.apache.org/jira/browse/RANGER-2700
> Project: Ranger
> Issue Type: Improvement
> Components: admin
> Affects Versions: ranger-2.0
> Reporter: Jiayi Liu
> Priority: Major
>
> I try to install ranger-2.0.0 on my cluster, however when I try to create a new service in WebUI, I often get an error that createService failed.
> I try to debug through the source code, and found that it stuck on generateBase64EncodedIV() in PasswordUtils.java. It uses SecureRandom.getInstanceStrong() to get the random byte array. We can find a lot of information showing that this function often blocks and is very slow. SecureRandom.getInstanceStrong() uses /dev/random, and /dev/random blocks the thread if there isn't enough randomness available, but /dev/urandom will never block.
> SecureRandom.getInstanceStrong() is equivalent to SecureRandom.getInstance("NativePRNGBlocking"), and we can use /dev/urandom by replacing ecureRandom.getInstanceStrong() to SecureRandom.getInstance("NativePRNGNonBlocking"). /dev/random and /dev/urandom use the same pool of randomness under the hood, and they are equally secure.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)