Subject: | Wrong generator is used for strong source |
In Crypt::Random::Source::Strong::SSLeay, the bytes are generated using:
Net::SSLeay::RAND_pseudo_bytes(my $buf, $n);
which is identical to the Weak version. The documentation for
Net::SSLeay as well as the OpenSSL documentation indicate RAND_bytes is
the cryptographically strong generator, while RAND_pseudo_bytes
generates standard PRNG data. The top-level module documentation
implies RAND_bytes is being used.
As an aside, the get method for this module is documented as returning
10 bytes. It takes an argument indicating the number of bytes, as shown
in the synopsis.