4Ağu
Is it ok to use NativePRNGNonBlocking SecureRandom for making jwt?
I'm developing jwt auth feature with Spring WebFlux. And, I found the blocking calls in jjwt library by using BlockHound.
The reason of blocking calls was SecureRandom use /dev/random
to make random number in default on Linux system.
To prevent this, I'm considering to use SecureRandom.getInstance("NativePRNGNonBlocking")
that uses /dev/urandom
instead of /dev/random
.
Is /dev/urandom
is safe enough to make jwt???