Simple Java program 100 times slower after plugging in USB hotspot
Default implementation of SecureRandom
scans network interfaces as an additional source of system entropy. In order to avoid this, you need to register a custom java.security.Provider
that contains a different implementation of SecureRandomSpi
.
Fortunately, JDK for Windows already has a suitable SecureRandomSpi
implementation that relies on Microsoft Crypto API: sun.security.mscapi.PRNG
. Though this is non-public API, the class exists in all versions of OpenJDK and Oracle JDK from 1.6 to 9, and the fallback is available anyway.
There are two ways to register MS Crypto PRNG as the default SecureRandom algorithm.
1. From within the application by calling WindowsSecureRandom.register()
at the very beginning.
import java.security.Provider;import java.security.Security;public class WindowsSecureRandom extends Provider { private static final String MSCAPI = "sun.security.mscapi.PRNG"; private WindowsSecureRandom() { super("WindowsSecureRandom Provider", 1.0, null); putService(new Service(this, "SecureRandom", "Windows-PRNG", MSCAPI, null, null)); } public static void register() { if (System.getProperty("os.name").contains("Windows")) { try { Class.forName(MSCAPI); Security.insertProviderAt(new WindowsSecureRandom(), 1); } catch (ClassNotFoundException e) { // Fallback to default implementation } } }}
2. By reordering provider list in %JAVA_HOME%\jre\lib\security\java.security
file.
security.provider.1=sun.security.mscapi.SunMSCAPI <<<--- make it the first providersecurity.provider.2=sun.security.provider.Sunsecurity.provider.3=sun.security.rsa.SunRsaSignsecurity.provider.4=sun.security.ec.SunECsecurity.provider.5=com.sun.net.ssl.internal.ssl.Provider...
I've verified that with either solutions SeedGenerator
and NetworkInterface
classes are no longer loaded.