Bug#537952: Use more random random seed than localtime

[Don Armstrong]

On Wed, 22 Jul 2009, Jonathan Yu wrote:
> Incidentally, here is the quilt patch which should fix the issue. It
> should also work on older Perls without Perl_seed, so I'll forward
> this upstream (while making a simultaneous release in Debian) so
> that hopefully it's fixed in the near future.

1) salph ignores huge swaths of entropy which is present in the seed,
so I didn't want to use it (and I don't think it's the right thing to
do.)[1] You'd certainly need more than one call to the seed to set it
reasonably, and if you use salph, you don't need to restrict it to
1..2^30

2) Perl_seed generates a new seed every time you call it. It does not
expose the internal state of the random number generator. (Reading its
implementation will be instructive.)

3) Using localtime to seed the generator instead of failing (or at
least warning) is bad. At the very least, it should use something
like:

time ^ $$ ^ unpack "%L*", `ps axww | gzip -f`

or some other reasonable implementation as well as warning that you're
not actually using random data.


Don Armstrong

1: The implementation of salph is also rather opaque and may not have
uniform distribution for the input that you're passing it, leading to
non-unform distribution of random values for repeated calls to the
program. [I haven't read the paper it's based on, either...]
-- 
This can't be happening to me. I've got tenure.
 -- James Hynes _Publish and Perish_

http://www.donarmstrong.com              http://rzlab.ucr.edu