Java Security

I have figured out one of the main causes. If you use the default implementation of the SecureRandom object (you use this if you don't explicitly declare and seed one in your code), the seeding of the object takes an excessive amount of time. The problem is in SeedGenerator, it calls System.currentTimeInMillis() over 10,000 times, along with spawing a new Thread to do this, all in an attempt to seed the SecureRandom.

The work around is too actually create, seed, and use a SecureRandom on your own, not letting the code use it's default methods.

if you call this method:
SSLContext.init(KeyManager [] , TrustManager [] , SecureRandom); and pass nulls in for SecureRandom, you will have the same problem


[example fix]
long l = System.currentTimeMillis() * System.currentTimeMillis(); //this will return a relatively random fully filled 64bits
int i = 64; ///number of bits
byte[] seed = new byte;
while ( --i >= 0 ) {
seed[i] = (byte) l;
l >>= 1; //use each bit of long to seed the byte array
}
new SecureRandom(seed); //use this object