The current code is good, it avoids SecureRandom/blocking when we don't need real security (just used for safety checks).
On the other hand it has some downsides:
- the sources of randomness here aren't the best, e.g. sysprops will be the same when using automated deployment tools if the jvm is the same version, installed in the same place, same user, etc.
- asking for a Properties of all the sysprops needs blanket read-write access to all of them, which is inconvenient if you want to lock this down in tests (which I do). Today this means you can't ban write access or lucene won't work.
I think we should use /dev/urandom when its available, its just practical and exactly what we need. If its not available (e.g. windows) we can use the current logic. If sysprops arent available we can just use another hashcode instead and lucene can still be used.