TomcatRunner slow on boot

Post here your questions about SFS2X. Here we discuss all server-side matters. For client API questions see the dedicated forums.

Moderators: Lapo, Bax

User avatar
moccha
Posts: 112
Joined: 13 Feb 2014, 16:09

TomcatRunner slow on boot

Postby moccha » 07 Jul 2021, 20:05

When I start my server on my Amazon EC2 instance, there's a large delay between when BlueBox starts and the crypto manager is ready. It outputs this warning after about a minute:

Code: Select all

 WARNING [TomcatRunner] org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [50,928] milliseconds.


I found that it has to do with the generator, with many saying that it should be acceptable to use urandom instead: https://programmer.ink/think/5cdb10aab4bef.html
https://security.stackexchange.com/questions/3936/is-a-rand-from-dev-urandom-secure-for-a-login-key

If I include

Code: Select all

-Djava.security.egd=file:/dev/./urandom
in my JVM startup section of SmartFox, Tomcat starts within a few seconds.

Some say urandom isn't secure, but there are others who try to dispell the myths: https://www.2uo.de/myths-about-urandom/

I wonder if it there are any caveats or if it should still be random enough?
User avatar
Lapo
Site Admin
Posts: 22999
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: TomcatRunner slow on boot

Postby Lapo » 08 Jul 2021, 06:51

Hi,
we've seen this issue under EC2 ourselves too, when working on our Overcast project.
And we've used the same config settings you're using.

Some say urandom isn't secure, but there are others who try to dispell the myths: https://www.2uo.de/myths-about-urandom/

Most of these discussions are very theoretical and of course experts love to delve into the details. Random number generation is sensitive spot for encryption, not doubt about that.
The bottom like is that it is secure enough for most uses. If you were to run a banking system or some other service dealing with money transactions I'd probably avoid something like this. Other than that there's not much to worry about.

Cheers
Lapo
--
gotoAndPlay()
...addicted to flash games

Return to “SFS2X Questions”

Who is online

Users browsing this forum: No registered users and 44 guests