Rand::Urandom - replaces rand() with /dev/urandom
use Rand::Urandom(); # now grabs 8 bytes from /dev/urandom # works just like rand, that is returns a random fractional number >= 0 and # less than $max my $r = rand($max); # or use Rand::Urandom qw(perl_rand rand_bytes); # rand() still overloaded, but we want to use the original rand my $r = perl_rand(); # returns $int random bytes my $r = rand_bytes($int);
Perl's built-in rand has a few problems:
the state is inherited across fork(), meaning its real easy to generate/use the same "random" number twice. Especially when using mod_perl. Yes I've been bitten by this before.
per perldoc "rand()" is not cryptographically secure. You should not rely on it in security-sensitive situations."
seeding is hard to get right
By default it uses the getentropy() (only available in > Linux 3.17) and falls back to /dev/arandom then /dev/urandom. Otherwise it dies.
This means it should "DoTheRightThing" on most unix based systems, including, OpenBSD, FreesBSD, Mac OSX, Linux, blah blah.
You: Yeah, Ok I see you're point, but do I actually want to use this?
Me: Maybe!, It could also be a really bad idea!
perl_rand() - the original rand(), only works on perls newer or equal to 5.16
rand_bytes($int) - returns $int rand bytes()
None by default. perl_rand(), rand_bytes();
Alex Hunsaker, <firstname.lastname@example.org<gt>
Copyright (C) 2014 by Alex Hunsaker
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.20.1 or, at your option, any later version of Perl 5 you may have available.