OpenSAML user discussion

OK, verified that you are correct -
ran a quick test using different JVM's:

import java.security.SecureRandom;
public class SecureRandomTest {
        public
static void main(String[] args) throws Exception {
         
      SecureRandom rand = SecureRandom.getInstance("SHA1PRNG");
         
      int cnt = 5;
         
      long startTime = System.currentTimeMillis();
         
      for(int i = 0; i < cnt; i++)
         
              generateIdentifier(rand,16);

         
      long endTime = System.currentTimeMillis();
         
      System.out.println("Processed in "
+ ((endTime-startTime))/cnt + " milliseconds (avg).");
        }
    public static String generateIdentifier(SecureRandom
random,int size) {
        byte[] buf
= new byte[size];
        random.nextBytes(buf);
        return buf.toString();
    }
}

IBM JVM: Processed in 498 milliseconds
(avg).
Sun JVM 1.4: Processed in 12 milliseconds
(avg).

Thanx for pointing me in the right
direction!

Edward Thompson


Authentication & Entitlements

Chad La Joie <>

07/17/2008 08:49 AM

Please respond to

To
cc
Subject	Re: [OpenSAML]

This could be an IBM JVM issue.  The other windows
users that I know are 
running on Sun's VM.

Are there any other Windows's user also using IBM's JVM that could test
this?


 wrote:
> Sorry, should have provided more detail:
> 
> WebSphere Platform 6.1 [BASE 6.1.0.2 cf20633.22]  running with
process 
> name DWS3WACH37czwc1Node01Cell\DWS3WACH37czwc1Node01\server1 and process
> id 4332
> Host Operating System is Windows XP, version 5.1 build 2600 Service
Pack 2
> Java version = J2RE 1.5.0 IBM J9 2.3 Windows XP x86-32 j9vmwi3223-20060504
> (JIT enabled)
> J9VM - 20060501_06428_lHdSMR
> JIT  - 20060428_1800_r8
> GC   - 20060501_AA, Java Compiler = j9jit23, Java VM name = IBM
J9 VM
> 
> Here are the security providers for this JVM:
> security.provider.1=com.ibm.crypto.provider.IBMJCE
> security.provider.2=com.ibm.jsse.IBMJSSEProvider
> security.provider.3=com.ibm.jsse2.IBMJSSEProvider2
> security.provider.4=com.ibm.security.jgss.IBMJGSSProvider
> security.provider.5=com.ibm.security.cert.IBMCertPath
> security.provider.6=com.ibm.crypto.pkcs11.provider.IBMPKCS11
> security.provider.7=com.ibm.security.cmskeystore.CMSProvider
> security.provider.8=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
> 
> And I add bouncycastle in the code.  This is just my sandbox.
> 
> Edward Thompson
> 
> 
> 
> 
> 
> Chad La Joie <> 
> 07/17/2008 08:13 AM
> Please respond to
> 
> 
> 
> To
> 
> cc
> 
> Subject
> Re: [OpenSAML]
> 
> 
> 
> 
> 
> 
> Sun or IBM?
> 
>  wrote:
>> 1.5_15 running under websphere 6.1
>>
>> Edward Thompson
>>
>>
>>
>>
>>
>> Chad La Joie <> 
>> 07/17/2008 08:03 AM
>> Please respond to
>> 
>>
>>
>> To
>> 
>> cc
>>
>> Subject
>> Re: [OpenSAML]
>>
>>
>>
>>
>>
>>
>> I know some other people are using this on Windows and I haven't
heard 
>> anything like this from them.  What JVM are you using?
>>
>>  wrote:
>>> I am using the latest SAML2 library for Java.
>>> When I call the encrypt() method of an Encryter for an Attribute,
it 
>> looks 
>>> like the downline code is using
>>> SecureRandom to generate an unique id for the Node.  On
my XP machine 
> at 
>>> least, this is a VERY expensive operation, and I find it spending
>> 2.2-2.5 
>>> seconds
>>> in the nextByte() .
>>>
>>> Do others find this to be true?  Is there a way I can
generate my own 
> id 
>>> for the Node?
>>>
>>> SecureRandom is critical for key generation et al. but isn't
it 
> overkill 
>>> for generating a simple id?
>>> What am I missing?
>>>
>>> Edward Thompson
>>> Charlotte, NC 28202
>>>
> 

-- 
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
, http://www.switch.ch