CODEWITHSUNDEEP
javamacossecure-random
ryanlutgen
ryanlutgen

Reputation: 3051

SecureRandom setSeed method fails on MacOS

Running macOS High Sierra 10.13.5 and Java 1.8.0u171.

I have something like the following code:

SecureRandom random = SecureRandom.getInstance("NativePRNGNonBlocking");
random.setSeed(bla byte array);

I encounter the following exception whenever this is run, I have redacted some of the stack trace that contains some sensitive bits:

java.security.ProviderException: setSeed() failed
    at sun.security.provider.NativePRNG$RandomIO.implSetSeed(NativePRNG.java:472)
    at sun.security.provider.NativePRNG$RandomIO.access$300(NativePRNG.java:331)
    at sun.security.provider.NativePRNG$NonBlocking.engineSetSeed(NativePRNG.java:312)
    at java.security.SecureRandom.setSeed(SecureRandom.java:427)
--redacted--
Caused by: java.io.IOException: Operation not permitted
    at java.io.FileOutputStream.writeBytes(Native Method)
    at java.io.FileOutputStream.write(FileOutputStream.java:313)
    at sun.security.provider.NativePRNG$RandomIO.implSetSeed(NativePRNG.java:470)
    at sun.security.provider.NativePRNG$RandomIO.access$300(NativePRNG.java:331)
    at sun.security.provider.NativePRNG$NonBlocking.engineSetSeed(NativePRNG.java:312)
    at java.security.SecureRandom.setSeed(SecureRandom.java:427)
--redacted--

It appears that it is trying to write something, but I don't know what, or where. There is code in the area that mentions /dev/random, so I figured I would check the perms of that, but I don't know what to make of that either.

x@y:~ $ ls -ld /dev/null
crw-rw-rw-  1 root  wheel    3,   2 Jun 11 15:25 /dev/null
x@y:~ $ ls -ld /dev/urandom
crw-rw-rw-  1 root  wheel   14,   1 Jun 11 15:02 /dev/urandom
x@y:~ $ ls -ld /dev/random
crw-rw-rw-  1 root  wheel   14,   0 Jun  7 08:15 /dev/random

Any ideas what the issue is, and what I can do to remedy it?

EDIT: I found that it appears that NativePRNGNonBlocking appears to try and access /dev/urandom which OSX apparently doesn't allow writing to. Is there a way I can enable writing to it, or another method of avoiding this while still maintaining non-blocking behavior?

Upvotes: 1

Views: 829

Answers (2)

gabor
gabor

Reputation: 1030

I could reproduce the issue on Oracle JDK 1.8.0-152, but the issue seems to be fixed in Oracle JDK 1.8.0-202

see also https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8156709

Upvotes: 1

User8461
User8461

Reputation: 438

The standard seed should already be provide enough entropy.

See also: Should I seed a SecureRandom?

If you still like your own seed sorry that I can not provide a answer how to write to the OSX /dev/urandom.

For security purpose /dev/urandom is not the best choice, /dev/random or the default seed for SecureRandom may a better solution.

Edit: Well some people think /dev/urandom is also fine: https://www.2uo.de/myths-about-urandom/

Upvotes: 3

Related Questions