Code: Select all
WARNING [TomcatRunner] org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [50,928] milliseconds.
I found that it has to do with the generator, with many saying that it should be acceptable to use urandom instead: https://programmer.ink/think/5cdb10aab4bef.html
https://security.stackexchange.com/questions/3936/is-a-rand-from-dev-urandom-secure-for-a-login-key
If I include
Code: Select all
-Djava.security.egd=file:/dev/./urandom
Some say urandom isn't secure, but there are others who try to dispell the myths: https://www.2uo.de/myths-about-urandom/
I wonder if it there are any caveats or if it should still be random enough?