Inconsistent, Slow Encryption Performance with Jasypt on Ubuntu Linux

Question

I am using Jasypt's BasicBinaryEncryptor to encrypt small amounts of binary data (around 1 KB). I am using Scala, but I doubt that matters.

val encryptor = new BasicBinaryEncryptor
encryptor.setPassword(password)
val encrypted = encryptor.encrypt(bytes.toByteArray())

This encrypt operation can range anywhere from a few seconds, but often runs to over a minute or more. It also seems like the first few operations run just fine, but after that it slows down.

I have tried Jasypt version 1.9.2 and 1.9.1. This operation is slow on Ubuntu Linux 14.04 (Hotspot JVM 1.8.0_45) and 15.04, but runs just fine on Mac OS X (Hotspot JVM 1.8.0_40-b25).

Any thoughts on what I can change to improve performance on Ubuntu?

Answer 1

The problem your are experiencing is caused by the salt generator used by Jasypt. BasicBinaryEncryptor uses a StandardPBEByteEncryptor with the default configuration for a SaltGenerator . This results in the use of RandomSaltGenerator which uses SecureRandom (as of Jasypt v1.9.1). SecureRandom will block if not enough entropy is available, as markspace pointed out.

If you are ok with using /dev/urandom instead of /dev/random you can start your program with -Djava.security.egd=file:/dev/urandom , which will not block.

Another option would be to configure your own encryptor and use a different SaltGenerator. Jasypt provides some fixed SaltGenerators you can use, or you can roll your own random one that doesn't use SecureRandom.

Answer 2

On our Ubuntu server we installed the haveged package via apt-get .

Read about that more here: http://www.issihosts.com/haveged/

The package is not installed by default, but generates entropy. After doing this, we were able to swap back to /dev/random instead of using /dev/urandom .