It turns out that it is not possible to find a full list of Java properties other than the basic ones.
I want to understand the difference between securerandom.source and java.security.egd.
When I print them out from within a Java main method:
System.out.println("Secure random source: " + Security.getProperty("securerandom.source"));
System.out.println("java.security.egd: " + System.getProperty("java.security.egd"));
I get (on JDK 17):
Secure random source: file:/dev/random
java.security.egd: null
JDK 11 https://docs.oracle.com/en/java/javase/11/security/oracle-providers.html#GUID-9DC4ADD5-6D01-4B2E-9E85-B88E3BEE7453
and JDK 17 https://docs.oracle.com/en/java/javase/17/security/oracle-providers.html#GUID-C4706FFE-D08F-4E29-B0BE-CCE8C93DD940
both say file:/dev/random is already the default, and setting it is not needed.
if the entropy gathering device in java.security is set to file:/dev/urandom or file:/dev/random, then NativePRNG is preferred to SHA1PRNG
But NativePRNG algorithm is already used by default:
SecureRandom secureRandom = new SecureRandom();
System.out.println("Algorithm: " + secureRandom.getAlgorithm());
Output:
Algorithm: NativePRNG
My feeling is that specifying java.security.egd is not needed, but I cannot find documentation proof of it.
The https://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html says
SHA1PRNG and NativePRNG were fixed to properly respect the SecureRandom seed source properties in the java.security file. The obscure workaround using file:///dev/urandom and file:/dev/./urandom is no longer required
But it does not say that there is no need to use java.security.egd.
What is the difference between the securerandom.source and java.security.egd Java System properties?
Yes, this is older stuff in many places.
https://cwiki.apache.org/confluence/display/TOMCAT/HowTo+FasterStartUp (last edit 2017) has
There is a way to configure JRE to use a non-blocking entropy source by setting the following system property: -Djava.security.egd=file:/dev/./urandom
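An added diagnostic, not part of the original post, for comparing the two settings on a given JVM. It assumes the precedence stated in the comments of the JDK's java.security file (the java.security.egd system property, when set, overrides the securerandom.source security property); the class name SeedSourceReport and the helper effectiveSeedSource are hypothetical.

```java
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;

public class SeedSourceReport {

    // Assumption, taken from the comments in the JDK's java.security file:
    // a non-empty java.security.egd system property overrides the
    // securerandom.source security property.
    static String effectiveSeedSource(String egd, String source) {
        if (egd != null && !egd.isEmpty()) {
            return egd;
        }
        return source == null ? "" : source;
    }

    public static void main(String[] args) {
        // System property: set per JVM launch with -Djava.security.egd=...
        String egd = System.getProperty("java.security.egd");
        // Security property: read from the java.security configuration file
        String source = Security.getProperty("securerandom.source");

        System.out.println("java.security.egd (system property):     " + egd);
        System.out.println("securerandom.source (security property): " + source);
        System.out.println("Effective seed source:                   "
                + effectiveSeedSource(egd, source));

        // Providers are returned in preference order; list every
        // SecureRandom algorithm each one registers.
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("SecureRandom".equals(s.getType())) {
                    System.out.println("  " + p.getName() + ": " + s.getAlgorithm());
                }
            }
        }

        // What "new SecureRandom()" actually resolves to on this JVM.
        SecureRandom sr = new SecureRandom();
        System.out.println("Default algorithm: " + sr.getAlgorithm()
                + " (provider " + sr.getProvider().getName() + ")");
    }
}
```

Running it once without any flag and once with -Djava.security.egd=file:/dev/./urandom shows which of the two values the JVM ends up with and whether the default algorithm changes.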