Skip to content

SecureRandom: Improving Performance

Terry edited this page Jan 14, 2022 · 2 revisions

Note: The following is only applicable to linux distros

Background Information

Within the driver, the use of the SecureRandom class has the potential of impacting query performance when using Always Encrypted with secure enclaves. As described in the documentation, SecureRandom may "...block as entropy is being gathered.." in order to build up sufficient entropy to generate a random value.

Workaround Solutions

Use /dev/urandom

SecureRandom reads from /dev/random which blocks. Instead, use /dev/urandom which doesn't block.

Solution 1. Edit java.security in your Java installation

In your Java installation, edit the file jre/lib/security/java.security to use /dev/urandom. Note that it is set as /dev/./urandom. For example, do the following:

securerandom.source=file:/dev/./urandom

Solution 2. Set /dev/urandom for java.security.egd JVM option

Pass in /dev/urandom as a JVM option like the following:

-Djava.security.egd=file:/dev/./urandom

Improve Entropy

In order to improve entropy to prevent blocking when reading from /dev/random, installing the haveged daemon will continuously collect entropy/noise.

For Ubuntu or Debian execute the following commands:

  1. apt-get install haveged
  2. update-rc.d haveged defaults
  3. service haveged start

For RHEL or CentOS execute the following commands:

  1. yum install haveged
  2. systemctl enable haveged
  3. systemctl start haveged
Clone this wiki locally