Skip Menu |

This queue is for tickets about the Math-Random-ISAAC CPAN distribution.

Report information
The Basics
Id: 89206
Status: new
Priority: 0/
Queue: Math-Random-ISAAC
People
Owner: Nobody in particular
Requestors: DANAJ [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: Normal
Broken in: 1.004
Fixed in: (no value)

History Show all quoted text
  Wed Oct 02 14:54:26 2013 DANAJ [...] cpan.org - Ticket created
Subject: Remove Math::TrulyRandom from documentation
The documentation mentions Math::TrulyRandom as "probably one of the better ways to seed the algorithm". Math::TrulyRandom is broken in both implementation and algorithm. The implementation does not work on Windows and goes into an infinite loop on most UNIX systems (the latter is fixable via a patch in the RT). The algorithm produces very poor results, with high correlation from most randomness testing software. The algorithm flaws were known by the algorithm author in the 90s and he produced newer versions that fix most of the issues, but that's not what Math::TrulyRandom implements. [caveat: I am the author of Crypt::Random::Seed and Crypt::Random::TESHA2] I wrote an alternate module: Crypt::Random::TESHA2 that is portable, passes tests, produces much better results, doesn't use XS, uses only CORE modules, runs much faster, and has quite a bit of documentation. Said documentation spends quite a bit of time explaining why using the module is a bad idea for most users in the 21st century. :) Instead, I would recommend Crypt::Random::Seed. It uses /dev/random, /dev/urandom, Win32 Crypto API, EGD, or TESHA2. This should give a strong seed on any platform, with a very small dependency chain (only one non-core module). Many alternatives are listed in the SEE ALSO section of the documentation, but here are some: - Crypt::Random::Source. Very nice API, but uses Moose, for goodness sake. That's 40+ modules in its dependency chain. - Crypt::URandom. Great, but only reads one source. - Crypt::Random. Uses Math::Pari, making it unacceptable to some people. - Data::Entropy. Has its own CSPRNG, and defaults to system rand. Math::Random::Secure uses Crypt::Random::Source. Bytes::Random::Secure uses Crypt::Random::Seed. I might suggest making the '/dev/random' entry be a little more generic -- /dev/random, /dev/urandom, Win32 Crypto API. The randomness is great, but to make it portable requires some thought (e.g. Windows, FreeBSD, make sure to use sysread). With Perl 5.14 and later, srand returns the seed and is in theory better than using just the time. But not much better.