
What exactly does "-Djava.security.egd=file:/dev/./urandom" do when containerizing a Spring Boot application


The purpose of that security property is to speed up Tomcat startup. By default, the library used to generate random numbers in the JVM on Unix systems relies on /dev/random. In Docker containers there isn't enough entropy to support /dev/random. See "Not enough entropy to support /dev/random in docker containers running in boot2docker". The random number generator is used for session ID generation. Changing it to /dev/urandom will make the startup process faster.

Similar question: "Slow startup on Tomcat 7.0.57 because of SecureRandom"


From Java 9 through Java 11 (LTS), this option is to increase the entropy of random numbers generated by the java.security.SecureRandom class whilst avoiding the risk of having the code blocked unexpectedly. It configures the JVM:

  1. To seed the SecureRandom class using the /dev/urandom special file on Unix-like OSes to avoid having the code unexpectedly blocked due to lack of entropy.
  2. To use the Deterministic Random Bit Generator (DRBG) mechanisms described in NIST 800-90Ar1. These mechanisms implement modern algorithms as strong as SHA-512 and AES-256.
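
An added diagnostic, not part of either answer above: it prints which seed source and SecureRandom implementation the JVM in the container actually selected, and times seeding so that a blocking entropy source shows up as a long pause. The class name `EntropyCheck` is hypothetical and Java 9 or later is assumed (for `DrbgParameters`).

```java
import java.security.DrbgParameters;
import java.security.SecureRandom;
import java.security.Security;

// Added example (hypothetical class name). Requires Java 9+.
public class EntropyCheck {

    // Wall-clock time of one call in milliseconds; seconds-long values
    // indicate that the configured entropy source blocked.
    static long timeMs(Runnable r) {
        long t0 = System.nanoTime();
        r.run();
        return (System.nanoTime() - t0) / 1_000_000;
    }

    public static void main(String[] args) throws Exception {
        // -Djava.security.egd=... sets this system property. When it is set,
        // it is used instead of securerandom.source from the java.security file.
        System.out.println("java.security.egd        = " + System.getProperty("java.security.egd"));
        System.out.println("securerandom.source      = " + Security.getProperty("securerandom.source"));
        System.out.println("securerandom.drbg.config = " + Security.getProperty("securerandom.drbg.config"));

        // The generator that code calling new SecureRandom() receives,
        // for example a session ID generator.
        SecureRandom sr = new SecureRandom();
        System.out.println("default algorithm        = " + sr.getAlgorithm()
                + " (provider " + sr.getProvider().getName() + ")");

        // The first nextBytes() forces the generator to seed itself.
        byte[] sessionId = new byte[16];
        System.out.println("first nextBytes(16)      : " + timeMs(() -> sr.nextBytes(sessionId)) + " ms");

        // generateSeed() asks the generator's seed mechanism for fresh seed bytes.
        System.out.println("generateSeed(32)         : " + timeMs(() -> sr.generateSeed(32)) + " ms");

        // Requesting the DRBG explicitly does not depend on which default was chosen.
        SecureRandom drbg = SecureRandom.getInstance("DRBG",
                DrbgParameters.instantiation(256, DrbgParameters.Capability.RESEED_ONLY, null));
        System.out.println("explicit DRBG parameters = " + drbg.getParameters());
        System.out.println("DRBG first nextBytes(16) : " + timeMs(() -> drbg.nextBytes(new byte[16])) + " ms");
    }
}
```

Run it inside the container once with the flag and once without, and compare the reported algorithm and timings.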