Bug#537952: Use more random random seed than localtime

Wed Jul 22 18:51:23 UTC 2009

Hi Don:

On Wed, Jul 22, 2009 at 2:09 PM, Don Armstrong<don at debian.org> wrote:
> On Wed, 22 Jul 2009, Jonathan Yu wrote:
>> Incidentally, here is the quilt patch which should fix the issue. It
>> should also work on older Perls without Perl_seed, so I'll forward
>> this upstream (while making a simultaneous release in Debian) so
>> that hopefully it's fixed in the near future.
>
> 1) salph ignores huge swaths of entropy which is present in the seed,
> so I didn't want to use it (and I don't think it's the right thing to
> do.)[1] You'd certainly need more than one call to the seed to set it
> reasonably, and if you use salph, you don't need to restrict it to
> 1..2^30
Oh, I didn't know that. From my basic understanding of the code, it
converts the entropy data (as an integer) into a string, and uses that
somehow to get entropy. Like I said, I tried with the setseed method,
but I had an issue with tests failing.

The original implementation was calling setalph or whatever function
with scalar(localtime) as its parameter, so I assumed that passing the
Perl_seed (in place of localtime) would be the Right Thing(tm) to do.
>
> 2) Perl_seed generates a new seed every time you call it. It does not
> expose the internal state of the random number generator. (Reading its
> implementation will be instructive.)
>
> 3) Using localtime to seed the generator instead of failing (or at
> least warning) is bad. At the very least, it should use something
> like:
>
> time ^ $$ ^ unpack "%L*", `ps axww | gzip -f`
>
> or some other reasonable implementation as well as warning that you're
> not actually using random data.

About your following e-mail about Math::TrulyRandom -- I was saying to
use the data you get from there as a seed, so it doesn't matter that
what *it* returns is non-uniform, you'll still get a uniform
distribution after passing the seed through Math::Random. You're
right, I have no idea if the assumptions about underlying hardware
will still give it reasonable entropy, so maybe something like
/dev/random would be a better source.

Do you have specific issues with the current [patched] implementation?
It's producing different output even with several subsequent
executions, though I have no idea if it's generating biased output.
Certainly though it should at least be suitable for your purposes
(that is, simulations).

If you need more security, you should make sure you're using a
cryptographically secure PRNG algorithm and use some good seeds. Today
I was browsing CPAN and found some neat modules which do this sort of
thing, like Data::Entropy, which provides entropy useful for
cryptography (and so would be fantastic for seeding an RNG)

For a better, more modern RNG, I'd suggest using Math::Random::MT
(already packaged as libmath-random-mt-perl)

>
>
> Don Armstrong
>
> 1: The implementation of salph is also rather opaque and may not have
> uniform distribution for the input that you're passing it, leading to
> non-unform distribution of random values for repeated calls to the
> program. [I haven't read the paper it's based on, either...]
> --
> This can't be happening to me. I've got tenure.
>  -- James Hynes _Publish and Perish_
>
> http://www.donarmstrong.com              http://rzlab.ucr.edu
>
>
>