Bitcoin Forum
May 06, 2024, 10:04:20 PM
Welcome,
Guest
. Please
login
or
register
.
News
: Latest Bitcoin Core release:
27.0
[
Torrent
]
Home
Help
Search
Login
Register
More
Bitcoin Forum
>
Bitcoin
>
Development & Technical Discussion
>
Wallet software
>
BitcoinJ
>
Should I trust Oracle? (Sun JDK -vs- Open JDK)
Pages: [
1
]
« previous topic
next topic »
Print
Author
Topic: Should I trust Oracle? (Sun JDK -vs- Open JDK) (Read 2475 times)
d4n13
(OP)
Full Member
Offline
Activity: 210
Merit: 101
“Create Your Decentralized Life”
Should I trust Oracle? (Sun JDK -vs- Open JDK)
June 19, 2015, 06:40:02 PM
#1
A few years ago, this would have sounded like the ramblings of a lunatic, but now days... not so much.
There were reports that some bad acting tech companies were coerced into weakening encryption (RNG) at the request of #bigbrother (ref1).
Surveys of public keys (SSH, SSL, PGP) show that are are alarming numbers of collisions. (ref2).
Seeing how Oracle is infinitely more coercible than a distributed open source endeavor, my question is, should Java encryption be done on open JDKs to gaurd against this type of threat?
ref1:
http://www.zdnet.com/article/has-the-nsa-broken-ssl-tls-aes/
ref2:
http://arstechnica.com/business/2012/02/crypto-shocker-four-of-every-1000-public-keys-provide-no-security/
PS: Favorite quote from (ref2)
Quote
It remains unclear exactly what is causing large clusters of keys to use duplicated factors
Hmm... see (ref1)
Create Your Decentralized Life
❰❰│
E S S E N T I A
│❱❱
【 Read our Whitepaper 】
❰❰│
▮
▮▮
▮│ take care of all your assets, logins, dApps, documents, and more - │▮
▮▮
▮
Telegram
◾
Bitcointalk
◾
Twitter
◾
Facebook
│
▮
│❱❱【
TRY THE WEB ALPHA
】❰❰│
1715033060
Hero Member
Offline
Posts: 1715033060
Ignore
1715033060
1715033060
#2
1715033060
Report to moderator
Who are the least trusted users of Bitcointalk?
¯\_(ツ)_/¯
Who are the most trusted users of Bitcointalk?
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1715033060
Hero Member
Offline
Posts: 1715033060
Ignore
1715033060
1715033060
#2
1715033060
Report to moderator
1715033060
Hero Member
Offline
Posts: 1715033060
Ignore
1715033060
1715033060
#2
1715033060
Report to moderator
1715033060
Hero Member
Offline
Posts: 1715033060
Ignore
1715033060
1715033060
#2
1715033060
Report to moderator
tspacepilot
Legendary
Offline
Activity: 1456
Merit: 1076
I may write code in exchange for bitcoins.
Re: Should I trust Oracle? (Sun JDK -vs- Open JDK)
June 20, 2015, 01:08:40 AM
#2
Thanks for those links (specially the second one), I hadn't seen that.
From what I read recently, nowadays OpenJDK is actually the "standard" jdk. So, if I were you, I'd turn the question around, is there any reason *not* to use open jdk given that (1) it's free (both kinds of free) and (2) what you mentioned in the OP?
d4n13
(OP)
Full Member
Offline
Activity: 210
Merit: 101
“Create Your Decentralized Life”
Re: Should I trust Oracle? (Sun JDK -vs- Open JDK)
June 20, 2015, 01:51:46 AM
#3
There is actually fewer Win64 builds of OpenJDK than I thought. I'm not adverse to building it from scratch, but I'm certainly not advocating that stuff to a new member.
I'll give Zulu a shot which is an OpenJDK distro (ref1). For the paranoid, only building from scratch will do. For the truly paroanoid, only open source SW running on open source HW will do. Ultimately, it may eventually come to that. If Oracle isn't coerced, then perhaps Intel is. Doesn't matter who makes bad RNG, once it's bad, it's really bad.
Anyway... I'll post how Zulu works with Multibit and BitcoinJ once that projects pops to top of stack.
ref1:
http://www.azulsystems.com/products/zulu/downloads
ref2:
http://www.wired.com/2013/09/nsa-backdoor/
PS: found an even scarier article on Crypto-Crippling, this one effects Ecliptic Curve RNG (ref2) (ouch).
Create Your Decentralized Life
❰❰│
E S S E N T I A
│❱❱
【 Read our Whitepaper 】
❰❰│
▮
▮▮
▮│ take care of all your assets, logins, dApps, documents, and more - │▮
▮▮
▮
Telegram
◾
Bitcointalk
◾
Twitter
◾
Facebook
│
▮
│❱❱【
TRY THE WEB ALPHA
】❰❰│
tspacepilot
Legendary
Offline
Activity: 1456
Merit: 1076
I may write code in exchange for bitcoins.
Re: Should I trust Oracle? (Sun JDK -vs- Open JDK)
June 20, 2015, 07:32:46 AM
#4
Quote from: d4n13 on June 20, 2015, 01:51:46 AM
There is actually fewer Win64 builds of OpenJDK than I thought. I'm not adverse to building it from scratch, but I'm certainly not advocating that stuff to a new member.
I'll give Zulu a shot which is an OpenJDK distro (ref1). For the paranoid, only building from scratch will do. For the truly paroanoid, only open source SW running on open source HW will do. Ultimately, it may eventually come to that. If Oracle isn't coerced, then perhaps Intel is. Doesn't matter who makes bad RNG, once it's bad, it's really bad.
.
Anyway... I'll post how Zulu works with Multibit and BitcoinJ once that projects pops to top of stack.
ref1:
http://www.azulsystems.com/products/zulu/downloads
ref2:
http://www.wired.com/2013/09/nsa-backdoor/
PS: found an even scarier article on Crypto-Crippling, this one effects Ecliptic Curve RNG (ref2) (ouch).
OpenJDK has been the default Java on debian (and downstream, I assume) systems for some time now. You have to go out of your way to get the Sun Java nowadays on the linux distros I use. I've never built software on windows so I don't know how it compares but on linux you usually just have to run "./configure && make && make install", a lot of newbies can probably do that okay. Shit, if you can build a windows java guaranteed without spyware, maybe you can start distributing the binaries for the newbies yourself
Mike Hearn
Moderator
Legendary
Offline
Activity: 1526
Merit: 1129
Re: Should I trust Oracle? (Sun JDK -vs- Open JDK)
August 05, 2015, 10:46:01 AM
#5
The collections of identical keys are almost always due to hardware devices that generate a key on first boot, before they have any entropy. I doubt the JDK will ever be backdoored given the scrutiny it gets, but using Zulu or compiling OpenJDK yourself is not a bad mitigation if you're worried about it.
Pages: [
1
]
Print
Bitcoin Forum
>
Bitcoin
>
Development & Technical Discussion
>
Wallet software
>
BitcoinJ
>
Should I trust Oracle? (Sun JDK -vs- Open JDK)
« previous topic
next topic »
Jump to:
Please select a destination:
-----------------------------
Bitcoin
-----------------------------
=> Bitcoin Discussion
===> Legal
===> Press
===> Meetups
===> Important Announcements
=> Development & Technical Discussion
===> Wallet software
=====> Electrum
=====> Bitcoin Wallet for Android
=====> BitcoinJ
=====> Armory
=====> Mycelium
=====> Hardware wallets
=> Mining
===> Mining support
===> Pools
===> Mining software (miners)
===> Hardware
=====> Group buys
===> Mining speculation
=> Bitcoin Technical Support
=> Project Development
-----------------------------
Economy
-----------------------------
=> Economics
===> Speculation
=> Marketplace
===> Goods
=====> Computer hardware
=====> Digital goods
=======> Invites & Accounts
=====> Collectibles
===> Services
===> Currency exchange
===> Gambling
=====> Games and rounds
=====> Investor-based games
=====> Gambling discussion
===> Lending
=====> Long-term offers
===> Securities
===> Auctions
===> Service Announcements
=====> Micro Earnings
===> Service Discussion
=====> Web Wallets
=====> Exchanges
=> Trading Discussion
===> Scam Accusations
===> Reputation
-----------------------------
Other
-----------------------------
=> Meta
===> New forum software
===> Bitcoin Wiki
=> Politics & Society
=> Beginners & Help
=> Off-topic
=> Serious discussion
===> Ivory Tower
=> Archival
===> Корзина
===> CPU/GPU Bitcoin mining hardware
===> Chinese students
===> Obsolete (buying)
===> Obsolete (selling)
===> MultiBit
-----------------------------
Alternate cryptocurrencies
-----------------------------
=> Altcoin Discussion
=> Announcements (Altcoins)
===> Tokens (Altcoins)
=> Mining (Altcoins)
===> Pools (Altcoins)
=> Marketplace (Altcoins)
===> Service Announcements (Altcoins)
===> Service Discussion (Altcoins)
===> Bounties (Altcoins)
=> Speculation (Altcoins)
-----------------------------
Local
-----------------------------
=> العربية (Arabic)
===> العملات البديلة (Altcoins)
=====> النقاشات
===> إستفسارات و أسئلة المبتدئين
===> التعدين
===> النقاشات الأخرى
===> منصات التبادل
=> Bahasa Indonesia (Indonesian)
===> Marketplace (Bahasa Indonesia)
===> Mining (Bahasa Indonesia)
===> Altcoins (Bahasa Indonesia)
===> Trading dan Spekulasi
===> Ekonomi, Politik, dan Budaya
===> Topik Lainnya
=> Español (Spanish)
===> Mercado y Economía
=====> Servicios
=====> Trading y especulación
===> Hardware y Minería
===> Esquina Libre
===> Mercadillo
=====> Mexico
=====> Argentina
=====> España
=====> Centroamerica y Caribe
===> Primeros pasos y ayuda
===> Altcoins (criptomonedas alternativas)
=====> Minería de altcoins
=====> Servicios
=====> Tokens (Español)
=> 中文 (Chinese)
===> 跳蚤市场
===> 山寨币
===> 媒体
===> 挖矿
===> 离题万里
=> Hrvatski (Croatian)
===> Trgovina
===> Altcoins (Hrvatski)
=====> Announcements (Hrvatski)
===> Off-topic (Hrvatski)
=> Deutsch (German)
===> Anfänger und Hilfe
===> Mining (Deutsch)
===> Trading und Spekulation
===> Projektentwicklung
===> Off-Topic (Deutsch)
===> Treffen
===> Presse
===> Altcoins (Deutsch)
=====> Announcements (Deutsch)
===> Marktplatz
=====> Auktionen
=====> Suche
=====> Biete
=> Ελληνικά (Greek)
===> Αγορά
===> Mining Discussion (Ελληνικά)
===> Altcoins (Ελληνικά)
=====> Altcoin Announcements (Ελληνικά)
=====> Altcoin Mining (Ελληνικά)
=> עברית (Hebrew)
=> Français
===> Actualité et News
===> Débutants
===> Discussions générales et utilisation du Bitcoin
===> Mining et Hardware
===> Économie et spéculation
===> Place de marché
=====> Échanges
=====> Produits et services
=====> Petites annonces
===> Le Bitcoin et la loi
===> Wiki, documentation et traduction
===> Développement et technique
===> Vos sites et projets
===> Hors-sujet
===> Altcoins (Français)
=====> Annonces
=> India
===> Mining (India)
===> Marketplace (India)
===> Regional Languages (India)
===> Press & News from India
===> Alt Coins (India)
===> Buyer/ Seller Reputations (India)
===> Off-Topic (India)
=> Italiano (Italian)
===> Guide (Italiano)
===> Progetti
===> Discussioni avanzate e sviluppo
===> Trading, analisi e speculazione
===> Mercato
=====> Mercato valute
=====> Beni
=====> Servizi
=====> Esercizi commerciali
=====> Hardware/Mining (Italiano)
=====> Gambling (Italiano)
===> Accuse scam/truffe
===> Mining (Italiano)
===> Alt-Currencies (Italiano)
=====> Annunci
===> Raduni/Meeting (Italiano)
===> Crittografia e decentralizzazione
===> Off-Topic (Italiano)
=> 日本語 (Japanese)
===> アルトコイン
=> Nederlands (Dutch)
===> Markt
===> Gokken/lotterijen
===> Mining (Nederlands)
===> Beurzen
===> Alt Coins (Nederlands)
===> Off-topic (Nederlands)
===> Meetings (Nederlands)
=> Nigeria (Naija)
===> Politics and society (Naija)
===> Off-topic (Naija)
=> 한국어 (Korean)
===> 대체코인 Alt Coins (한국어)
=> Pilipinas
===> Altcoins (Pilipinas)
=====> Altcoin Announcements (Pilipinas)
===> Pamilihan
===> Others (Pilipinas)
=> Polski
===> Tablica ogłoszeń
===> Alternatywne kryptowaluty
=====> Nowe kryptowaluty i tokeny
=====> Tablica ogłoszeń (altcoiny)
=> Português (Portuguese)
===> Primeiros Passos (Iniciantes)
===> Economia & Mercado
===> Mineração em Geral
===> Desenvolvimento & Discussões Técnicas
===> Criptomoedas Alternativas
===> Brasil
===> Portugal
=> Русский (Russian)
===> Новички
===> Бизнес
=====> Барахолка
=====> Обменники
===> Идеи
===> Кодеры
===> Майнеры
===> Политика
===> Трейдеры
===> Альтернативные криптовалюты
=====> Токены
=====> Бayнти и aиpдpoпы
===> Хайпы
===> Работа
===> Разное
===> Oбcyждeниe Bitcoin
=====> Новости
=====> Юристы
=> Română (Romanian)
===> Anunturi importante
===> Offtopic
===> Market
=====> Discutii Servicii
===> Minerit
===> Tutoriale
===> Bine ai venit!
===> Presa
===> Altcoins (Monede Alternative)
=====> Anunturi Monede Alternative
=> Skandinavisk
=> Türkçe (Turkish)
===> Bitcoin Haberleri
===> Pazar Alanı
===> Madencilik
===> Ekonomi
===> Servisler
=====> Fonlar
===> Proje Geliştirme
===> Alternatif Kripto-Paralar
=====> Madencilik (Alternatif Kripto-Paralar)
=====> Duyurular (Alternatif Kripto-Paralar)
===> Konu Dışı
===> Yeni Başlayanlar & Yardım
===> Buluşmalar
=> Other languages/locations
Loading...