Bug#537952: Use more random random seed than localtime

Don Armstrong don at debian.org
Wed Jul 22 18:18:25 UTC 2009


On Wed, 22 Jul 2009, Jonathan Yu wrote:
> I'm a bit concerned about exposing Perl's seed value to Perl programs
> though. It's a bit dangerous since knowing this value for a particular
> instance could lead to an algorithmic complexity denial of service
> attack.
>
> I would still recommend using Math::TrulyRandom to get some random
> data. This data definitely looks good enough for use in simulations
> though :-)

Unless you're on a non-POSIX system, Perl_seed only returns real
random data, which is certainly of higher quality than
Math::TrulyRandom. [In fact, I wouldn't use Math::TrulyRandom
anywhere, as it relies on serious assumptions about the hardware which
it is running on which probably don't apply to anything post about
1998. It doesn't even claim to produce uniformly distributed random
numbers.]

Compare the implementation of truerand.c in it to rand.c for an
exercise.


Don Armstrong

-- 
"What, now?"
"Soon equates to good, later to worse, Uagen Zlepe, scholar.
Therefore, immediacy."
  -- Iain M. Banks _Look to Windward_ p 213

http://www.donarmstrong.com              http://rzlab.ucr.edu




