https://www.1ju.org/article/java-security-egd

https://stackoverflow.com/questions/58991966/what-java-security-egd-option-is-for

SecureRandom

会使用java.security配置文件中配置的securerandom.source作为 entropy gathering device(EGD),即熵池的来源,通过这个熵池获取初始化用到的seed,只在第一次的时候使用到这个熵池。

还可以通过指定-Djava.security.egd系统属性来覆盖这个配置。

这个配置可以取值为:

1
2
3
file:/dev/random
file:/dev/urandom
file:/dev/./urandom

/dev/random在产生大量随机数的时候比/dev/urandom慢?(为什么)

什么情况下应该用什么配置:

file:/dev/./urandom 是因为一个jdk的bug,如果使用file:/dev/urandom仍然会使用file/dev/random

Java Bug 6202721 states that java.security.SecureRandom uses /dev/random rather than /dev/urandom even if /dev/urandom is specified because at the time (around 2004) /dev/urandom was not working properly. The bug has never been reversed now that /dev/urandom works quite well. Therefore, you have to fake it out by obscuring the setting by using /dev/./urandom to force the use of SHA1PRNG rather than /dev/random.

If running Java 8 on modern OSes with support to Deterministic Random Bit Generator (DRBG), I’d recommend using
-Djava.security.egd=file:/dev/urandom to avoid getting the code blocked unexpectedly. If not sure about the OS being used, my suggestion is to stick with the original recommendation, namely:
-Djava.security.egd=file:/dev/./urandom

If running Java 11, I’d recommend simply using
-Djava.security.egd=file:/dev/./urandom to make sure of:

leveraging the strongest SecureRandom implementation available (DRBG) regardless the underpinning platform
avoiding getting the code blocked unexpectedly (securerandom.source=file:/dev/urandom)

UUID

UUID这个类使用的就是SecureRandom来生成随机数。所以这个配置能影响第一次获取UUID时的速度。