Bug #3130 for CGI-Session: CGI::Session::ID::Random new ID generator

Sun Aug 03 05:38:07 2003 Guest - Ticket created

Subject:

CGI::Session::ID::Random new ID generator

I've coded what I think is the fastest and most secure ID generator for CGI::Session. It uses /dev/urandom thus using this good random generator. It won't work on windows as I don't know how to access windows random generator (if it has one) but will work on other unices with this interface. This driver is using a hexencoded 128bit (16 bytes) data. I think it would be a good idea to default to this ID generator and fall back to other ID generator if the system doesn't have a random number generator. I've just post here so nobody forgets.

package CGI::Session::ID::Random; # $Id: Random.pm,v 3.1 2002/11/27 12:26:05 sherzodr Exp $ use strict; use Fcntl; use vars qw($VERSION); ($VERSION) = '$Revision: 3.1 $' =~ m/Revision:\s*(\S+)/; sub generate_id { my $self = shift; unless (sysopen(FH, '/dev/urandom', O_RDONLY) ) { $self->error("Couldn't open /dev/urandom: $!"); return undef; } my $ID; sysread(FH, $ID, 16); unless ( close(FH) ) { $self->error("Couldn't close /dev/urandom: $!"); return undef; } $ID =~ s/(.)/sprintf("%02x",ord($1))/eg; return $ID; } 1; =pod =head1 NAME CGI::Session::ID::Random - CGI::Session Random driver =head1 SYNOPSIS use CGI::Session qw/-api3/; $session = new CGI::Session("id:Random", undef); =head1 DESCRIPTION CGI::Session::ID::Random is to generate encoded hexidecimal random ids using /dev/urandom. The method does not require any arguments. This driver should be the fastest and most secure ID generator. =head1 COPYRIGHT Copyright (C) 2003 Eduardo Pérez Ureta. All rights reserved. This library is free software. You can modify and distribute it under the same terms as Perl itself. =head1 AUTHOR Eduardo Pérez Ureta <eperez@it.uc3m.es> Feedbacks, suggestions and patches are welcome. =head1 SEE ALSO =over 4 =item * L<Incr|CGI::Session::ID::Incr> - Auto Incremental ID generator =item * L<CGI::Session|CGI::Session> - CGI::Session manual =item * L<CGI::Session::Tutorial|CGI::Session::Tutorial> - extended CGI::Session manual =item * L<CGI::Session::CookBook|CGI::Session::CookBook> - practical solutions for real life problems =item * B<RFC 2965> - "HTTP State Management Mechanism" found at ftp://ftp.isi.edu/in-notes/rfc2965.txt =item * L<CGI|CGI> - standard CGI library =item * L<Apache::Session|Apache::Session> - another fine alternative to CGI::Session =back =cut

Thu Jul 21 19:18:29 2005 MARKSTOS [...] cpan.org - Taken

Thu Jul 21 19:20:53 2005 MARKSTOS [...] cpan.org - Correspondence added

[guest - Sun Aug 3 05:38:07 2003]: Show quoted text

> I've coded what I think is the fastest and most secure ID generator > for > CGI::Session. It uses /dev/urandom thus using this good random > generator. > It won't work on windows as I don't know how to access windows random > generator (if it has one) but will work on other unices with this > interface. This driver is using a hexencoded 128bit (16 bytes) data. > I think it would be a good idea to default to this ID generator and > fall > back to other ID generator if the system doesn't have a random number > generator. > > I've just post here so nobody forgets.

Hello, I'm sorry it's taken so long for someone to respond to you about this. Your project sounds interesting. Please go ahead and complete your driver with tests and docs and post it on CPAN. From there we can evaluate whether to make it the new default. I know that FreeBSD deals with randomness a little differently and takes more configuration, so I'll be interested to find out about the portability of your solution. Mark

Thu Jul 21 19:20:54 2005 MARKSTOS [...] cpan.org - Status changed from 'new' to 'open'

Thu Jul 21 19:21:15 2005 MARKSTOS [...] cpan.org - Status changed from 'open' to 'stalled'

Fri Mar 03 19:57:41 2006 MARKSTOS [...] cpan.org - Correspondence added

I'm resolving this due to lack response from the original requestor. The request can be mostly addressed by a third-party upload anyway. Mark

Fri Mar 03 19:57:44 2006 The RT System itself - Status changed from 'stalled' to 'open'

Fri Mar 03 19:57:48 2006 MARKSTOS [...] cpan.org - Status changed from 'open' to 'resolved'