{"id":20474219,"url":"https://github.com/marschall/rdrand-provider","last_synced_at":"2026-05-28T13:01:26.686Z","repository":{"id":57721317,"uuid":"123689527","full_name":"marschall/rdrand-provider","owner":"marschall","description":"A SecureRandomSPI that makes the RDRAND instruction available to SecureRandom. ","archived":false,"fork":false,"pushed_at":"2026-02-02T09:19:07.000Z","size":53,"stargazers_count":0,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-02-02T22:33:26.593Z","etag":null,"topics":["java","jce","rdrand","secure-random-generator","x86"],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/marschall.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-03-03T12:23:47.000Z","updated_at":"2026-02-02T09:19:04.000Z","dependencies_parsed_at":"2022-09-26T21:41:29.443Z","dependency_job_id":null,"html_url":"https://github.com/marschall/rdrand-provider","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/marschall/rdrand-provider","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marschall%2Frdrand-provider","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marschall%2Frdrand-provider/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marschall%2Frdrand-provider/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marschall%2Frdrand-provider/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/marschall","downloa
d_url":"https://codeload.github.com/marschall/rdrand-provider/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marschall%2Frdrand-provider/sbom","scorecard":{"id":621146,"data":{"date":"2025-08-11","repo":{"name":"github.com/marschall/rdrand-provider","commit":"b87090dd925ee5abfba89f881ec70711fe8c2faf"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.6,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow 
detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license 
file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed 
vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T05:15:16.221Z","repository_id":57721317,"created_at":"2025-08-21T05:15:16.221Z","updated_at":"2025-08-21T05:15:16.221Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33609237,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-28T02:00:06.440Z","response_time":99,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["java","jce","rdrand","secure-random-generator","x86"],"created_at":"2024-11-15T14:28:38.806Z","updated_at":"2026-05-28T13:01:26.637Z","avatar_url":"https://github.com/marschall.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# RDRAND SecureRandomSPI [![Build Status](https://travis-ci.org/marschall/rdrand-provider.svg?branch=master)](https://travis-ci.org/marschall/rdrand-provider) [![Maven Central](https://maven-badges.herokuapp.com/maven-central/com.github.marschall/rdrand-provider/badge.svg)](https://maven-badges.herokuapp.com/maven-central/com.github.marschall/rdrand-provider)  [![Javadocs](https://www.javadoc.io/badge/com.github.marschall/rdrand-provider.svg)](https://www.javadoc.io/doc/com.github.marschall/rdrand-provider)\n\nA `SecureRandomSPI` that makes the [RDRAND](https://en.wikipedia.org/wiki/RdRand) and 
`RDSEED` instructions available to `SecureRandom`.\n\n* does not use syscalls\n* uses JNI criticals to avoid allocation and copying\n* is marked as thread safe so concurrent access through `SecureRandom` will not synchronize in Java 9 and later, offering additional parallelism\n* unlike the `NativePRNG` variants\n  * does not use a file handle\n  * does not have a global lock\n  * does not additionally mix with `SHA1PRNG`\n  * zeros out native memory\n* supports the ServiceLoader mechanism\n* is a Java 9 module but works on Java 8\n* no dependencies outside the `java.base` module\n\n## Usage\n\nAn instance of the provider can be acquired using\n\n```java\nSecureRandom.getInstance(\"rdrand\"); // RdrandProvider.ALGORITHM\n```\n\n## Configuration\n\nThe provider can be configured in two different ways\n\n1. programmatic configuration\n1. static configuration\n\nFor best startup performance it is recommended to extract the .so from the JAR and add it to a folder present in the `LD_LIBRARY_PATH` environment variable or the `java.library.path` system property. Otherwise this library will extract the .so to a temporary folder the first time it is called.\n\n### Programmatic Configuration\n\nThe provider can be registered programmatically using\n\n```java\nSecurity.addProvider(new RdrandProvider());\n```\n\n### Static Configuration Java 8\n\nThe provider can be configured statically in the `java.security` file by adding the provider at the end\n\n```\nsecurity.provider.N=com.github.marschall.rdrand.RdrandProvider\n```\n\n`N` should be the value of the last provider incremented by 1. For Oracle/OpenJDK 8 on Linux `N` should likely be 10.\n\nThis can be done [per JVM installation](https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/HowToImplAProvider.html#Configuring) or [per JVM Instance](https://dzone.com/articles/how-override-java-security).\n\nNote that for this to work the provider JAR needs to be in the class path or extension folder.\n\n### Static Configuration Java 9+\n\nThe provider can be configured statically in the `java.security` file by adding the provider at the end\n\n```\nsecurity.provider.N=rdrand\n```\n\n`N` should be the value of the last provider incremented by 1. For Oracle/OpenJDK 9 on Linux `N` should likely be 13.\n\nThis can be done [per JVM installation](https://docs.oracle.com/en/java/javase/11/security/howtoimplaprovider.html#GUID-831AA25F-F702-442D-A2E4-8DA6DEA16F33) or [per JVM Instance](https://docs.oracle.com/en/java/javase/11/security/java-authentication-and-authorization-service-jaas-reference-guide.html#GUID-106F4B32-B9A3-4B75-BDBF-29B252BB3F53).\n\nThe provider uses the ServiceLoader mechanism, so the `rdrand` string is enough; there is no need to use the fully qualified class name.\n\nNote that for this to work the provider JAR needs to be in the class path or module path.\n\n### Performance\n\n[Performance](https://github.com/marschall/random-provider-benchmarks/tree/master/src/main/output/rdrand) compared to `NativePRNGNonBlocking` is similar for small, single-threaded workloads but a lot better for multi-threaded workloads.\n\n### Usage for Tomcat Session Ids\n\nThis security provider can be used for session id generation in Tomcat. For this to work, several things need to be configured:\n\n1. the JAR needs to be added to the class path\n1. the .so should be added to the Java library path (`java.library.path`)\n1. the provider needs to be installed into the JVM via `java.security.properties`\n1. Tomcat needs to be configured to use the algorithm\n\nPoints 1, 2 and 3 can be configured in `CATALINA_BASE/bin/setenv.sh`\n\n```sh\n#!/bin/sh\n\nCLASSPATH=\"/path/to/rdrand-provider-0.1.0.jar\"\nCATALINA_OPTS=\"$CATALINA_OPTS -Djava.library.path=/path/to/folder/with/so -Djava.security.properties=/path/to/jvm.java.security\"\n\nexport CLASSPATH\nexport CATALINA_OPTS\n```\n\nPoint 4 can be configured on [the Manager Component](https://tomcat.apache.org/tomcat-8.5-doc/config/manager.html) in `conf/context.xml` by setting `secureRandomAlgorithm` to `rdrand`\n\n```xml\n\u003cManager secureRandomAlgorithm=\"rdrand\"\u003e\n\u003c/Manager\u003e\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarschall%2Frdrand-provider","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmarschall%2Frdrand-provider","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarschall%2Frdrand-provider/lists"}