| field | value | date |
|---|---|---|
| author | Jesse Vincent <jesse@bestpractical.com> | 2011-04-19 23:53:07 +1000 |
| committer | Jesse Vincent <jesse@bestpractical.com> | 2011-04-20 00:39:08 +1000 |
| commit | 9700c45b7e3bd512c56a8c3607f53e73245de6db (patch) | |
| tree | d336cd81be30566931b59cf4b5c42b6a049fa6b9 | |
| parent | f3fd521e97e17e487d338c4534dfc6b72ddb4e06 (diff) | |
| download | perl-9700c45b7e3bd512c56a8c3607f53e73245de6db.tar.gz | |
Update the documentation for rand() to note that it's not cryptographically secure due to concerns that end-users are unaware of this and use it in situations where security depends on the strength of the randomness generated.

I'd have been happier getting this patch in earlier in the cycle. We'd hoped to replace the RNG, but that didn't happen in time, so this doc update is the "better, still not good" fallback.
-rw-r--r-- | pod/perlfunc.pod | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/pod/perlfunc.pod b/pod/perlfunc.pod index f6fef97219..26b89499a2 100644 --- a/pod/perlfunc.pod +++ b/pod/perlfunc.pod @@ -4578,6 +4578,13 @@ returns a random integer between C<0> and C<9>, inclusive. large or too small, then your version of Perl was probably compiled with the wrong number of RANDBITS.) +B<C<rand()> is not cryptographically secure. You should not rely +on it in security-sensitive situations.> As of this writing, a +number of third-party CPAN modules offer random number generators +intended by their authors to be cryptographically secure, +including: L<Math::Random::Secure>, L<Math::Random::MT::Perl>, and +L<Math::TrulyRandom>. + =item read FILEHANDLE,SCALAR,LENGTH,OFFSET X<read> X<file, read> |
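Review bot: the new paragraph lists L<Math::Random::MT::Perl> among modules "intended by their authors to be cryptographically secure", but that module is a Mersenne Twister implementation, and MT19937 is not a cryptographically secure generator: its full internal state can be reconstructed from 624 consecutive 32-bit outputs, after which every later output is predictable. Naming it right after the bold warning that C<rand()> must not be relied on "in security-sensitive situations" undercuts the warning; drop it from the list, or reword the sentence so it no longer implies the listed modules are equivalent. The bold sentence would also be more useful if it said what to do instead (use one of the listed modules for keys, tokens and session identifiers), since the hedge "intended by their authors" leaves the actual recommendation implicit, and "As of this writing" will age badly in a stable reference document without a pointer to where an up-to-date list lives.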