Bug#537952: Use more random random seed than localtime

Don Armstrong don at donarmstrong.com
Wed Jul 22 08:11:23 UTC 2009


On Tue, 21 Jul 2009, Jonathan Yu wrote:
> On Tue, Jul 21, 2009 at 7:03 PM, Don Armstrong<don at debian.org> wrote:
> > $ for a in $(seq 1 20); do perl -MMath::Random=random_uniform -e 'print join(q( ),random_uniform(4)),qq(\n)'; done;
> > 0.489988645840918 0.579920159789368 0.993361818807086 0.955731167568429
> > 0.489988645840918 0.579920159789368 0.993361818807086 0.955731167568429
> 
> Maybe a simpler solution (which doesn't require changes to the local
> Math::Random) would be to use a module like Math::TrulyRandom to get
> some truly random data, or otherwise get the data from, say,
> /dev/random, to use as your seed. You can then set Math::Random's
> seed using random_set_seed(@seed)

Yeah; that's certainly one way of fixing it locally.

> > It should instead call Perl_seed to generate the random number in
> > XS. I'll probably send in a patch in a bit which does this. [I
> > probably won't bother to make it compatible with pre 5.8 versions
> > of perl which don't have it, but that's not my problem.]
>
> I'm unfamiliar with how Perl_seed is supposed to work, and how such
> a seed is obtained. It may still be safer to use Math::TrulyRandom,
> which uses the timing of interrupts to get some real random data...

Perl_seed returns some random data which can then be used to seed a
random number generator. (If /dev/urandom is available, it uses that;
if not, it tries to get some random data from other sources.)
 
> I'm not sure how Perl_seed is shared, between forks and between
> threads, so that might be an issue with respect to security. Likely
> such a seed isn't intended for cryptographic use, but is used for
> seeding the hash algorithm to prevent denial of service type
> attacks.

It's certainly not for cryptography, but it's the standard method of
generating a seed from within perl. See List::Util::shuffle for an
example of its use.


Don Armstrong

-- 
Information wants to be free to kill again.
 -- Red Robot http://www.dieselsweeties.com/archive.php?s=1372

http://www.donarmstrong.com              http://rzlab.ucr.edu





More information about the pkg-perl-maintainers mailing list