http://qs321.pair.com?node_id=31658


in reply to RE: RE (tilly) 1: a random sort of list
in thread "a random sort of list"

Actually, modern Perl (since 5.004) does much better than srand(time()). The probable seed looks something like:

srand 1000003*time() + 3*$usec + 269*$$ + 73819*${undef} + 26107*\$x
where ${undef} is whatever integer is left on the stack and \$x is a pointer into the stack. Note that the above Perl code doesn't actually work; it is just an approximation of what the C code inside Perl is doing.

On systems with /dev/urandom, that is just used instead, which is pretty good. Use /dev/random if you have it, though you may have to wait for enough entropy to gather. But back to the case of systems without /dev/*random...

Although the code is described as a "quick hack" (because it doesn't do some fancy summing but just multiplies and adds), it would be hard to do much better portably from within a Perl script.

But this still isn't enough for cryptographic uses. Repeated runs of the same script might well yield the same values for the "what is left on the stack" and the "address into the stack" while the other values can be predicted to a certain extent.

So if you come up with something that seems really hard to predict, just add it into Perl's seed rather than replacing it. In other words:

srand( fancyseed() );
is probably not nearly as good an idea as, for example:
srand( rand(~0) ^ fancyseed() );
Suggestions for better ways to add randomness in are welcome.

The documentation on srand() in perlfunc.pod is also worth reading.

        - tye (but my friends call me "Tye")
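The seeding strategy the post recommends, written out as a runnable script. This is an added example and not tye's code: the helper names (`fancyseed`, `urandom_seed`, `mixed_seed`, `sample`) are assumptions, and `fancyseed()` is a deliberately constructed stand-in for "something that seems really hard to predict" that turns out to be constant, so the run shows why replacing Perl's seed with it is worse than XORing it into the seed Perl already chose.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical "hard to predict" seed source (constructed for this example).
# It returns the same value every run, which is exactly the failure mode the
# post warns about: repeated runs collapse onto the same sequence.
sub fancyseed { return 12345 }

# Preferred path on systems that have it: read 4 bytes from /dev/urandom and
# use them as the seed. Returns undef where the device is missing.
sub urandom_seed {
    open(my $fh, '<', '/dev/urandom') or return undef;
    binmode $fh;
    my $buf;
    my $got = read($fh, $buf, 4);
    close $fh;
    return undef unless defined $got && $got == 4;
    return unpack('L', $buf);
}

# Fallback without /dev/*random: let Perl pick its own seed (the first rand()
# call auto-seeds with the time/pid/stack-derived value the post describes)
# and XOR the extra entropy into it instead of discarding it.
# 2**32 is used instead of ~0 so the draw stays an exact integer on 64-bit perls.
sub mixed_seed {
    my $perl_part = int rand(2**32);
    return $perl_part ^ fancyseed();
}

# Seed with the given value and return three draws as a comparable string.
sub sample {
    my $seed = shift;
    srand($seed);
    return join ',', map { int rand(1000) } 1 .. 3;
}

# srand(fancyseed()): identical output on every run, since the seed never changes.
print "srand(fancyseed())        : ", sample(fancyseed()), "\n";

# Mixed seed: differs between runs because Perl's own seed (or /dev/urandom) varies.
my $seed = urandom_seed();
$seed = mixed_seed() unless defined $seed;
print "srand(urandom or mixed)   : ", sample($seed), "\n";
```

Run it twice: the first line repeats verbatim across runs while the second changes, which is the difference between `srand( fancyseed() )` and `srand( rand(~0) ^ fancyseed() )` in the post. Neither path makes `rand()` suitable for cryptographic use; the point is only that added entropy should be combined with, not substituted for, what Perl already gathers.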