.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.32)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.if !\nF .nr F 0
.if \nF>0 \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
.\}
.\" ========================================================================
.\"
.IX Title "Math::Random::Secure 3pm"
.TH Math::Random::Secure 3pm "2019-05-29" "perl v5.24.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification.
.\" Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
Math::Random::Secure \- Cryptographically\-secure, cross\-platform replacement for rand()
.SH "VERSION"
.IX Header "VERSION"
version 0.080001
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 2
\& # Replace rand().
\& use Math::Random::Secure qw(rand);
\&
\& # Get a random floating\-point number greater than or equal to 0.0
\& # and less than 1.0.
\& my $float = rand();
\&
\& # Get a random 32\-bit integer (faster than int(rand)).
\& use Math::Random::Secure qw(irand);
\& my $int = irand();
\&
\& # Random integer between 0 and 9 inclusive.
\& $int = irand(10);
\&
\& # Random floating\-point number greater than or equal to 0.0 and
\& # less than 10.0.
\& $float = rand(10);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This module is intended to provide a cryptographically-secure replacement
for Perl's built-in \f(CW\*(C`rand\*(C'\fR function. \*(L"Cryptographically
secure\*(R", in this case, means:
.IP "\(bu" 4
No matter how many numbers you see generated by the random number
generator, you cannot predict the future numbers, and you cannot recover
the seed.
.IP "\(bu" 4
There are so many possible seeds that it would take decades, centuries, or
millennia for an attacker to try them all.
.IP "\(bu" 4
The seed comes from a source that generates relatively strong random data
on your platform, so the seed itself will be as random as possible.
.Sp
See \*(L"\s-1IMPLEMENTATION DETAILS\*(R"\s0 for more information about the
underlying systems used to implement all of these guarantees, and some
important caveats if you're going to use this module for some
very-high-security purpose.
.SH "METHODS"
.IX Header "METHODS"
.SS "rand"
.IX Subsection "rand"
Should work exactly like Perl's built-in \f(CW\*(C`rand\*(C'\fR. Will
automatically call \f(CW\*(C`srand\*(C'\fR if \f(CW\*(C`srand\*(C'\fR has
never been called in this process or thread.
.PP
There is one limitation\*(--Math::Random::Secure is backed by a 32\-bit
random number generator, so each call produces at most 32 random bits. If
you specify a limit greater than 2^32 (which a 64\-bit platform allows),
the result can take on only 2^32 distinct values and its low-order bits
carry no randomness at all. Draw several values and combine them if you
need more than 32 random bits.
.SS "srand"
.IX Subsection "srand"
\&\fBNote:\fR Under normal circumstances, you should \fBnot\fR call this
function, as \f(CW\*(C`rand\*(C'\fR and \f(CW\*(C`irand\*(C'\fR will
automatically call it for you the first time they are used in a thread or
process.
.PP
Seeds the random number generator, much like Perl's built-in
\&\f(CW\*(C`srand\*(C'\fR, except that it uses a much larger and more secure
seed. The seed should be passed as a string of bytes, at least 8 bytes in
length, and ideally between 32 and 64 bytes. (See \*(L"seed\*(R" in
Math::Random::Secure::RNG for more info.) Every number the generator later
produces is determined by this seed, so passing a seed derived from
guessable values such as the time or the process \s-1ID\s0 undoes the
guarantees listed above.
.PP
If you do not pass a seed, a seed will be generated automatically using a
secure mechanism. See \*(L"\s-1IMPLEMENTATION DETAILS\*(R"\s0 for more
information.
.PP
This function returns the seed that was generated (or the seed that was
passed in, if you passed one in). Treat the returned value as a secret:
anyone who knows it can reproduce the entire output stream.
.SS "irand"
.IX Subsection "irand"
Works somewhat like \*(L"rand\*(R", except that it returns a 32\-bit integer
between 0 and 2^32\-1 inclusive. Should be faster than doing
\&\f(CW\*(C`int(rand)\*(C'\fR.
.PP
Note that because it returns 32\-bit integers, specifying a limit greater
than 2^32 will have no effect.
.SH "IMPLEMENTATION DETAILS"
.IX Header "IMPLEMENTATION DETAILS"
Currently, Math::Random::Secure is backed by Math::Random::ISAAC, a
cryptographically-strong random number generator with no known serious
weaknesses. If there are significant weaknesses found in \s-1ISAAC,\s0 we
will change our backend to a more-secure random number generator. The goal
is for Math::Random::Secure to be cryptographically strong, not to represent
some specific random number generator.
.PP
Math::Random::Secure seeds itself using Crypt::Random::Source.
The underlying implementation uses \fI/dev/urandom\fR on Unix-like
platforms, and the \f(CW\*(C`RtlGenRandom\*(C'\fR or
\&\f(CW\*(C`CryptGenRandom\*(C'\fR functions on Windows 2000 and above.
(There is no support for versions of Windows before Windows 2000.) If any of
these seeding sources are not available and you have other
Crypt::Random::Source modules installed, Math::Random::Secure will use those
other sources to seed itself.
.SS "Making Math::Random::Secure Even More Secure"
.IX Subsection "Making Math::Random::Secure Even More Secure"
We use \fI/dev/urandom\fR on Unix-like systems, because one of the
requirements of duplicating \f(CW\*(C`rand\*(C'\fR is that we never block
waiting for seed data, and \fI/dev/random\fR may do that. The flip side is
that \fI/dev/urandom\fR also does not block when the kernel has not yet
gathered enough entropy, so a read very early in boot, before the kernel has
seeded its pool, can return data derived from too little entropy, and the
caller gets no indication that this happened. Once the pool has been
initialized, \fI/dev/urandom\fR output is considered cryptographically
strong and does not \*(L"run out\*(R" in any practical sense. On most
systems, this should still provide a very good seed for nearly all uses, but
it may not be suitable for very high-security cryptographic circumstances.
.PP
For Windows, there are known issues with \f(CW\*(C`CryptGenRandom\*(C'\fR on
Windows 2000 and versions of Windows \s-1XP\s0 before Service Pack 3.
However, there is no other built-in method of getting secure random data on
Windows, and I suspect that these issues will not be significant for most
applications of Math::Random::Secure.
.PP
If either of these situations is a problem for your use, you can create your
own Math::Random::Secure::RNG object with a different \*(L"seeder\*(R"
argument, and set \f(CW$Math::Random::Secure::RNG\fR to your own instance of
Math::Random::Secure::RNG. The \*(L"seeder\*(R" is an instance of
Crypt::Random::Source::Base, which should allow you to use most random-data
sources in existence for your seeder, should you wish. Do this before the
first call to \f(CW\*(C`rand\*(C'\fR or \f(CW\*(C`irand\*(C'\fR, since that
first call is what seeds the generator.
.SS "Seed Exhaustion"
.IX Subsection "Seed Exhaustion"
Perl's built-in \f(CW\*(C`srand\*(C'\fR reads 32 bits from
\&\fI/dev/urandom\fR.
By default, we read 512 bits. This means that we draw 16 times as much seed
material as the built-in \f(CW\*(C`srand\*(C'\fR does, and are
correspondingly more likely to drain the kernel's entropy estimate and cause
\&\fI/dev/urandom\fR to serve data from its pseudo-random number generator
before fresh entropy has arrived. Normally this is not a problem, since
\&\*(L"srand\*(R" is only called once per Perl process or thread, but it is
something that you should be aware of if you are going to be in a situation
where you have many new Perl processes or threads and you have very high
security requirements (on the order of generating private \s-1SSH\s0 or
\&\s-1GPG\s0 keypairs, \s-1SSL\s0 private keys, etc.). On current Linux
kernels the quality of \fI/dev/urandom\fR output no longer depends on the
entropy estimate once the pool has been initialized, so this concern mainly
applies to older kernels and to systems whose pool is seeded late.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
.IP "" 4
.IX Item ""
Describes the requirements and nature of a cryptographically-secure random
number generator.
.IP "," 4
.IX Item ","
More information about the Windows functions we use to seed ourselves. The
article also has some information about the weaknesses in Windows 2000's
\&\f(CW\*(C`CryptGenRandom\*(C'\fR implementation.
.IP "" 4
.IX Item ""
A news article about the Windows 2000/XP CryptGenRandom weakness, fixed in
Vista and \s-1XP\s0 Service Pack 3.
.IP "" 4
.IX Item ""
A description of ways to attack a random number generator, which can help in
understanding why such a generator needs to be secure.
.IP "Math::Random::Secure::RNG" 4
.IX Item "Math::Random::Secure::RNG"
The underlying random-number generator and seeding code for
Math::Random::Secure.
.IP "Crypt::Random::Source" 4
.IX Item "Crypt::Random::Source"
.PD 0
.IP "Crypt::Random" 4
.IX Item "Crypt::Random"
.IP "Math::TrulyRandom" 4
.IX Item "Math::TrulyRandom"
.PD
All of these modules contain generators for \*(L"truly random\*(R" data, but
they don't contain a simple \f(CW\*(C`rand\*(C'\fR replacement and they can
be very slow.
.SH "SUPPORT"
.IX Header "SUPPORT"
Right now, the best way to get support for Math::Random::Secure is to email
the author using the email address in the \*(L"\s-1AUTHORS\*(R"\s0 section
below.
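.SH "EXAMPLE"
.IX Header "EXAMPLE"
The following script is an added example; it is not part of the module's own
documentation or distribution. It ties together two points made above: the
\&\*(L"Making Math::Random::Secure Even More Secure\*(R" advice to install a
different seeder in \f(CW$Math::Random::Secure::RNG\fR (here a blocking
\&\fI/dev/random\fR source), and the \*(L"irand\*(R" method's raw 32\-bit
output, which the script reduces to a smaller range by rejection sampling so
that no residue is favoured. That reduction is the bias-free way to pick a
symbol for a token whatever a given \f(CW\*(C`irand($limit)\*(C'\fR
implementation does internally, which this page does not describe. The
example assumes that Crypt::Random::Source::Strong::devrandom (from the
Crypt::Random::Source distribution) is installed; the helpers
\&\f(CW\*(C`favoured_residues\*(C'\fR, \f(CW\*(C`uniform_below\*(C'\fR and
\&\f(CW\*(C`random_token\*(C'\fR are the example's own names.

```perl
#!/usr/bin/perl
# Added example (not part of Math::Random::Secure): a /dev/random-backed
# seeder plus bias-free reduction of irand()'s 32-bit output to a range.
use strict;
use warnings;

use Math::Random::Secure qw(rand irand);
use Math::Random::Secure::RNG;
# Assumption: this seeder class from the Crypt::Random::Source distribution
# is installed. Any Crypt::Random::Source::Base subclass can take its place.
use Crypt::Random::Source::Strong::devrandom;

# 1. Seed from the blocking /dev/random instead of the default /dev/urandom.
#    This has to run before the first rand()/irand() call, since that call
#    seeds whatever object is in $Math::Random::Secure::RNG. It may block
#    until the kernel has gathered enough entropy for the 512-bit seed.
$Math::Random::Secure::RNG = Math::Random::Secure::RNG->new(
    seeder => Crypt::Random::Source::Strong::devrandom->new,
);

use constant MAX32 => 0xFFFFFFFF;   # irand() without a limit returns 0 .. MAX32

# Number of residues that "irand() % $n" returns one extra time per 2^32
# draws, i.e. the residues a naive modulo favours. 0 means no bias.
sub favoured_residues {
    my ($n) = @_;
    return ((MAX32 % $n) + 1) % $n;   # == 2^32 mod $n without needing 2^32
}

# 2. Uniform integer in [0, $n): rejection sampling on the raw 32-bit value.
#    Draws at or above the largest multiple of $n that fits are thrown away,
#    so the accepted range holds whole blocks of $n and every residue is
#    equally likely. At most half of all draws are rejected, for any $n.
sub uniform_below {
    my ($n) = @_;
    die "limit must be between 1 and 2^32" unless $n >= 1 && $n <= MAX32 + 1;
    return irand() if $n == MAX32 + 1;        # whole range wanted, nothing to reject
    my $limit = MAX32 - (MAX32 % $n);         # multiple of $n, <= 2^32 - 1
    while (1) {
        my $r = irand();                      # full 0 .. 2^32-1 range
        return $r % $n if $r < $limit;
    }
}

# 3. Token from a 62-symbol alphabet. 2^32 mod 62 == 4, so a naive modulo
#    would favour 'A'..'D' very slightly; uniform_below() removes that.
my @ALPHABET = ('A'..'Z', 'a'..'z', '0'..'9');
sub random_token {
    my ($len) = @_;
    return join '', map { $ALPHABET[ uniform_below(scalar @ALPHABET) ] } 1 .. $len;
}

# 4. rand() is unchanged apart from the seeder: a float in [0, 1).
my $f = rand();
die "rand() out of range" unless $f >= 0 && $f < 1;

printf "residues favoured by irand() %% 62: %d\n", favoured_residues(62);
print  "32-char token: ", random_token(32), "\n";
print  "d6 roll:       ", 1 + uniform_below(6), "\n";
```
.PP
Run it as an ordinary Perl script. The first \f(CW\*(C`rand\*(C'\fR call is
where seeding happens, so on a machine with little entropy the script pauses
there rather than at start-up; if that is unacceptable, keep the default
\&\fI/dev/urandom\fR seeder and drop the assignment to
\&\f(CW$Math::Random::Secure::RNG\fR.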
.SH "BUGS"
.IX Header "BUGS"
Math::Random::Secure is relatively new, as of December 2010, but the modules
that underlie it are very well-tested and have a long history. However, the
author still welcomes all feedback and bug reports, particularly those having
to do with the security assurances provided by this module.
.PP
You can report a bug by emailing
\&\f(CW\*(C`bug\-Math\-Random\-Secure@rt.cpan.org\*(C'\fR or by using the
\&\s-1RT\s0 web interface at . If your bug report is security-sensitive, you
may also email it directly to the author using the email address in the
\&\*(L"\s-1AUTHORS\*(R"\s0 section below.
.SH "AUTHORS"
.IX Header "AUTHORS"
.IP "\(bu" 4
Max Kanat-Alexander
.IP "\(bu" 4
Arthur Axel \*(L"fREW\*(R" Schmidt
.SH "COPYRIGHT AND LICENSE"
.IX Header "COPYRIGHT AND LICENSE"
This software is Copyright (c) 2010 by BugzillaSource, Inc.
.PP
This is free software, licensed under:
.PP
.Vb 1
\& The Artistic License 2.0 (GPL Compatible)
.Ve