Fortify - Use SecureRandom instead of Random
I'm all for using SecureRandom vs. Random, but my understanding is that typically, more secure random generators require more entropy, and when you run out of such entropy sources, the consumers slow down while they wait for additional entropy. Are the uses of randomness really security-sensitive in JanusGraph? Should we be willing to pay a performance penalty by using more secure random generators?
Alternatively, users will need to use a workaround to avoid the slowdown, which will become a usability problem, which will impact user adoption: (a) user forgets / misses the docs about the workaround, (b) user finds the JanusGraph is too slow (due to the use of SecureRandom), (c) user never bothers asking on the mailing lists why it's slow, and instead chooses to evaluate something else.
Here are some references:
java.security.SecureRandomSecureRandom & /dev/randomIn particular, it appears that /dev/random used as source of entropy blocks when there's not enough entropy data, thus causing the slowdown. Several sources suggest using /dev/urandom instead:
/dev/urandomThat said, as per above, requiring users to make a manual workaround will affect user adoption, so this must be done automatically for them, without any extra manual steps on their part.
@amcp The explanation provided here by @mbrukman seems like a reasonable justification for these findings. It doesn't seem like we need the stronger randomness in these usages so it's probably not worth the extra performance cost. What do you think?
Not worth it.
Most helpful comment
I'm all for using
SecureRandomvs.Random, but my understanding is that typically, more secure random generators require more entropy, and when you run out of such entropy sources, the consumers slow down while they wait for additional entropy. Are the uses of randomness really security-sensitive in JanusGraph? Should we be willing to pay a performance penalty by using more secure random generators?Alternatively, users will need to use a workaround to avoid the slowdown, which will become a usability problem, which will impact user adoption: (a) user forgets / misses the docs about the workaround, (b) user finds the JanusGraph is too slow (due to the use of
SecureRandom), (c) user never bothers asking on the mailing lists why it's slow, and instead chooses to evaluate something else.Here are some references:
java.security.SecureRandomSecureRandom&/dev/randomIn particular, it appears that
/dev/randomused as source of entropy blocks when there's not enough entropy data, thus causing the slowdown. Several sources suggest using/dev/urandominstead:/dev/urandomThat said, as per above, requiring users to make a manual workaround will affect user adoption, so this must be done automatically for them, without any extra manual steps on their part.