Rand::Urandom - replaces rand() with /dev/urandom
use Rand::Urandom();
# now grabs 8 bytes from /dev/urandom
# works just like rand, that is returns a random fractional number >= 0 and
# less than $max
my $r = rand($max);
# or
use Rand::Urandom qw(perl_rand rand_bytes);
# rand() still overloaded, but we want to use the original rand
my $r = perl_rand();
# returns $int random bytes
my $r = rand_bytes($int);
http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/
Perl's built-in rand has a few problems:
- the state is inherited across fork(), meaning its real easy to generate/use the same "random" number twice. Especially when using mod_perl. Yes I've been bitten by this before.
- per perldoc "rand()" is not cryptographically secure. You should not rely on it in security-sensitive situations."
- seeding is hard to get right
By default it uses the getentropy() (only available in > Linux 3.17) and falls back to /dev/arandom then /dev/urandom. Otherwise it dies.
This means it should "DoTheRightThing" on most unix based systems, including, OpenBSD, FreesBSD, Mac OSX, Linux, blah blah.
You: Yeah, Ok I see you're point, but do I actually want to use this?
Me: Maybe!, It could also be a really bad idea!
- perl_rand() - the original rand(), only works on perls newer or equal to 5.16
- rand_bytes($int) - returns $int rand bytes()
None by default. perl_rand(), rand_bytes();
https://github.com/badalex/Rand-Urandom
Alex Hunsaker, <badalex@gmail.com
Copyright (C) 2014 by Alex Hunsaker
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.20.1 or, at your option, any later version of Perl 5 you may have available.