It turns out that if the machine doesn't have enough entropy stored up, getInstanceStrong will block until it does. On one of my apps (used only by myself), sign-in is occasionally broken due to that. I haven't noticed the problem in any of my public-facing apps. (Also note that this doesn't affect the signin link flow, only the signin code flow.)
If we replace (java.security.SecureRandom/getInstanceStrong) with (java.security.SecureRandom.) then it doesn't block. Need to figure out if the extra security of getInstanceStrong really matters.
jacobobryant
commented
12 months ago
The auth plugin includes the following function, which is used for generating the 6-digit signin codes:
It turns out that if the machine doesn't have enough entropy stored up,
getInstanceStrongwill block until it does. On one of my apps (used only by myself), sign-in is occasionally broken due to that. I haven't noticed the problem in any of my public-facing apps. (Also note that this doesn't affect the signin link flow, only the signin code flow.)If we replace
(java.security.SecureRandom/getInstanceStrong)with(java.security.SecureRandom.)then it doesn't block. Need to figure out if the extra security ofgetInstanceStrongreally matters.As a temporary workaround, you can use this: