In supporting our active-active Git replication product underneath Gerrit I read the public Gerrit discussions daily. On May 14th
there was a very interesting discussion up there about how Gerrit took more than 6 minutes to start due to a lack of entropy (https://groups.google.com/forum/#!topic/repo-discuss/TwcBu_lYSqM).

Since Java uses /dev/random by default the startup was blocking on the headless server because the sources of entropy did not allow for all of the random numbers that Gerrit needed. One of the folks participating in the discussion, Han-Wen Nienhuys, posted up a very insightful discussion about “Myths About urandom“.

Reading through theposts led me to an old LWN article about “Appropriate sources of entropy” from 2008.

I’m still doing some background research, trying to answer my question as to whether MeltDown and/or Spectre could be used to compromise entropy and thereby the security of the system? However, the practical outcome of this information is that we will be moving our ALM products to use /dev/urandom in an upcoming release to avoid blocking unnecessarily.

Leave a comment

Your email address will not be published. Required fields are marked *