Cryptographically secure pseudo-random number generator depends on good entropy; however from Docker containers we don’t always get this. This can cause the random generation be to block the execution of the application. Bone die found at Cantonment Clinch (1823–1834). (source: ) Kolby Kirk on Wikimedia Commons The Problem I had a simple piece of Scala code generating random user ids by using . Something like: java.security.SecureRandom.getInstanceStrong() It worked perfectly on local with the official docker image. However after deploying the application to the application was just hanging, no exception thrown. environment O_penJDK_ Google Container Engine After some investigation I found the cause; source is not gathering enough entropy in environment. /dev/random Google Container Engine Solution In O_penJDK_ docker image ( ) the strong secure random algorithm is This algorithm is using source to get entropy, if there’s not enough entropy it blocks until enough entropy is gathered. On average this algorithm needs 21 seconds to generate a single random byte in my cluster. and most installations NativePRNGBlocking:SUN. /dev/random Google Container Engine Other alternative to this source is source. This source uses a pool of entropy already gathered but it generates pseudorandom numbers if it runs out of entropy. It is still intended for most cryptographic purposes. See the sources below. /dev/urandom (“unlimited” random) One option to use as random source is to explicitly get SecureRandom instance instead of using the method. After applying the following change my problem was fixed: /dev/urandom NativePRNGNonBlocking getInstanceStrong() Sources The Right Way to Use SecureRandom Myths about /dev/urandom Thanks for reading, your comments are appreciated.
