Janusgraph: Fix insecure randomness

Created on 19 Jan 2017  路  3Comments  路  Source: JanusGraph/janusgraph

Most helpful comment

I'm all for using SecureRandom vs. Random, but my understanding is that typically, more secure random generators require more entropy, and when you run out of such entropy sources, the consumers slow down while they wait for additional entropy. Are the uses of randomness really security-sensitive in JanusGraph? Should we be willing to pay a performance penalty by using more secure random generators?

Alternatively, users will need to use a workaround to avoid the slowdown, which will become a usability problem, which will impact user adoption: (a) user forgets / misses the docs about the workaround, (b) user finds the JanusGraph is too slow (due to the use of SecureRandom), (c) user never bothers asking on the mailing lists why it's slow, and instead chooses to evaluate something else.

Here are some references:

In particular, it appears that /dev/random used as source of entropy blocks when there's not enough entropy data, thus causing the slowdown. Several sources suggest using /dev/urandom instead:

That said, as per above, requiring users to make a manual workaround will affect user adoption, so this must be done automatically for them, without any extra manual steps on their part.

All 3 comments

I'm all for using SecureRandom vs. Random, but my understanding is that typically, more secure random generators require more entropy, and when you run out of such entropy sources, the consumers slow down while they wait for additional entropy. Are the uses of randomness really security-sensitive in JanusGraph? Should we be willing to pay a performance penalty by using more secure random generators?

Alternatively, users will need to use a workaround to avoid the slowdown, which will become a usability problem, which will impact user adoption: (a) user forgets / misses the docs about the workaround, (b) user finds the JanusGraph is too slow (due to the use of SecureRandom), (c) user never bothers asking on the mailing lists why it's slow, and instead chooses to evaluate something else.

Here are some references:

In particular, it appears that /dev/random used as source of entropy blocks when there's not enough entropy data, thus causing the slowdown. Several sources suggest using /dev/urandom instead:

That said, as per above, requiring users to make a manual workaround will affect user adoption, so this must be done automatically for them, without any extra manual steps on their part.

@amcp The explanation provided here by @mbrukman seems like a reasonable justification for these findings. It doesn't seem like we need the stronger randomness in these usages so it's probably not worth the extra performance cost. What do you think?

Not worth it.

Was this page helpful?
0 / 5 - 0 ratings