You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by "Rasmus Rhein Helwigh (JIRA)" <ji...@apache.org> on 2007/10/01 10:16:50 UTC
[jira] Commented: (WSS-88) SecureRandom.getInstance("SHA1PRNG") is
slow on IBM JDK 1.4.2 (And perhaps others)
[ https://issues.apache.org/jira/browse/WSS-88?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12531435 ]
Rasmus Rhein Helwigh commented on WSS-88:
-----------------------------------------
I've looked a bit at this problem, and the real problem is that the method
java.security.SecureRandom.getInstance("SHA1PRNG")
is used to setup a new random instance. Therefore this method should only be called once, since calling random.nextBytes(bytes3) after a call to getInstance will be slow.
If the random generator is cached, performance will be good again.
Example:
byte bytes1[] = new byte[32];
byte bytes2[] = new byte[32];
byte bytes3[] = new byte[32];
SecureRandom random;
random = SecureRandom.getInstance("SHA1PRNG");
random.nextBytes(bytes1); // This takes about 2.4 seconds on IBM JDK because it's right after getInstance.
random.nextBytes(bytes2); // This tankes about 0 seconds.
random = SecureRandom.getInstance("SHA1PRNG");
random.nextBytes(bytes3); // This takes 2.4 seconds again.
> SecureRandom.getInstance("SHA1PRNG") is slow on IBM JDK 1.4.2 (And perhaps others)
> ----------------------------------------------------------------------------------
>
> Key: WSS-88
> URL: https://issues.apache.org/jira/browse/WSS-88
> Project: WSS4J
> Issue Type: Improvement
> Environment: Windows/ Solaris IBM JDK 1.4.2
> Reporter: Rasmus Rhein Helwigh
>
> The methods
> org.apache.ws.security.message.WSSecEncryptedKey.generateEphemeralKey
> org.apache.ws.security.message.token ( static )
> org.apache.ws.security.util.generateNonce
> all use the method
> java.security.SecureRandom.getInstance("SHA1PRNG")
> generating random numbers with this instance is very slow on the IBM JDK ( Generating 32 random bytes takes about 2 seconds, where it it takes less that 1ms on SUN's jdk ).
> Would it be possible to use another random algorithm that performs better?
> The IBM JDK method SecureRandom.getInstance("IBMSecureRandom"); performs as good as the one in the sun API.
> ----- Notes ----
> The reason I'm filing this improvement is because I'm using rampart to request a Secure Token from a Tokenservice. Because of the above mentioned problem, issuing a token takes 7.4 secons on a 2.4 ghz windows machine using IBM jdk 1.4.2. On Suns JDK it takes 200ms.
> As a result, I'm forced to use a custom build version of the WSS4J, but I'd really prefer to use the std API.
> I know this could be seen as an error in the IBM jdk, but I'd prefer if I could get the improvement done in the WSS4J API.
> Regards Rasmus Helwigh, Safewhere
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org