
This queue is for tickets about the Data-Entropy CPAN distribution.

Report information
The Basics
Id: 99122
Status: open
Priority: 0/
Queue: Data-Entropy

People
Owner: Nobody in particular
Requestors: victor [...] vsespb.ru
Cc:
AdminCc:

Bug Information
Severity: Wishlist
Broken in: (no value)
Fixed in: (no value)



Subject: hard to use for password salts
Trying to use the module for password salting in a web application. We cannot use the default rand(), since

===
use Data::Entropy qw(entropy_source);
rand();
fork();
$i = entropy_source->get_int(12345);
print $$, "\t", $i, "\n";
===

prints the same random numbers for different processes, and that's exactly how our application works: it has fork, and has our $var = shuffle(1,2...) in one of the modules, so rand() is called before fork (shuffle uses rand).

And we cannot use an entropy source which uses /dev/random, since it's extremely slow (and important: we'll need to migrate existing passwords for all users to the new scheme once they log in).

So, it would be great to have something like /dev/urandom + crypt counter, or sth.
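Just for information: for now we did a workaround like this:

===
use feature 'state';
use Data::Entropy qw(entropy_source with_entropy_source);
use Data::Entropy::Algorithms qw(rand_bits);
use Data::Entropy::Source;
use Data::Entropy::RawSource::CryptCounter;
use Crypt::Rijndael;
use constant OCTET_SIZE => 8;   # bits per byte (definition not shown in the original post)

my $pid = 0;   # PID seen on the previous call (declaration not shown in the original post)

sub get_salt {
    my ( $length_in_bytes ) = @_;
    my $new_pid = $$;
    state $source = entropy_source;
    # Build a freshly keyed source whenever we find ourselves in a new process
    if ( $new_pid != $pid ) {
        $pid = $new_pid;
        srand();
        my $key = "";
        for (my $i = 32; $i--; ) {
            $key .= chr(int(rand(256)));
        }
        $source = Data::Entropy::Source->new(
            Data::Entropy::RawSource::CryptCounter->new( Crypt::Rijndael->new($key) ),
            "getc"
        );
    }
    my $salt;
    with_entropy_source( $source, sub {
        $salt = rand_bits($length_in_bytes * OCTET_SIZE);
    });
    return $salt;
}
===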
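
The "/dev/urandom + crypt counter" arrangement requested above, as an added example that is not part of the ticket or of the Data-Entropy distribution: the AES-256 key for CryptCounter is read from /dev/urandom and replaced whenever the PID changes, so a forked child never continues the parent's stream. The helper names urandom_bytes and fork_safe_source are hypothetical, and the code assumes a system that provides /dev/urandom.

```perl
use strict;
use warnings;
use Data::Entropy qw(with_entropy_source);
use Data::Entropy::Algorithms qw(rand_bits);
use Data::Entropy::Source;
use Data::Entropy::RawSource::CryptCounter;
use Crypt::Rijndael;

my ($source, $source_pid);  # per-process source and the PID that built it

# Read exactly $n bytes from the kernel CSPRNG (hypothetical helper).
sub urandom_bytes {
    my ($n) = @_;
    open(my $fh, '<:raw', '/dev/urandom') or die "open /dev/urandom: $!";
    my $buf = '';
    while (length($buf) < $n) {
        my $got = read($fh, $buf, $n - length($buf), length($buf));
        die "read /dev/urandom: $!" unless defined $got;
        die "unexpected EOF on /dev/urandom" if $got == 0;
    }
    close($fh);
    return $buf;
}

# Return this process's counter-mode source, building a freshly keyed one
# on first use and again after every fork (detected by a changed PID).
sub fork_safe_source {
    if (!defined $source_pid || $source_pid != $$) {
        my $cipher = Crypt::Rijndael->new(urandom_bytes(32));  # 32-byte key
        $source = Data::Entropy::Source->new(
            Data::Entropy::RawSource::CryptCounter->new($cipher), 'getc');
        $source_pid = $$;
    }
    return $source;
}

sub get_salt {
    my ($length_in_bytes) = @_;
    my $salt;
    with_entropy_source(fork_safe_source(),
        sub { $salt = rand_bits($length_in_bytes * 8) });
    return $salt;
}

# Constructed demo: create the source before fork(), then draw in both processes.
get_salt(16);
my $child = fork();
die "fork: $!" unless defined $child;
printf "%d\t%s\n", $$, unpack('H*', get_salt(16));
waitpid($child, 0) if $child;
```

The parent and child lines show different salts even though the source was first used before the fork, because the child draws a new key on its first call.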