It turns out that if the machine doesn't have enough entropy stored up, getInstanceStrong will block until it does. On one of my apps (used only by myself), sign-in is occasionally broken due to that. I haven't noticed the problem in any of my public-facing apps. (Also note that this doesn't affect the signin link flow, only the signin code flow.)
If we replace (java.security.SecureRandom/getInstanceStrong) with (java.security.SecureRandom.) then it doesn't block. Need to figure out if the extra security of getInstanceStrong really matters.
The auth plugin includes the following function, which is used for generating the 6-digit signin codes:
It turns out that if the machine doesn't have enough entropy stored up,
getInstanceStrong
will block until it does. On one of my apps (used only by myself), sign-in is occasionally broken due to that. I haven't noticed the problem in any of my public-facing apps. (Also note that this doesn't affect the signin link flow, only the signin code flow.)If we replace
(java.security.SecureRandom/getInstanceStrong)
with(java.security.SecureRandom.)
then it doesn't block. Need to figure out if the extra security ofgetInstanceStrong
really matters.As a temporary workaround, you can use this: