From a47d906d1d56a1a383150f048ef9d96b1ff10bd1 Mon Sep 17 00:00:00 2001
From: Robert Rothenberg <rrwo@cpan.org>
Date: Thu, 27 Mar 2025 17:59:27 +0000
Subject: Use Crypt::URandom to seed the default source

---
 Build.PL            |  1 +
 lib/Data/Entropy.pm | 13 +++----------
 2 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/Build.PL b/Build.PL
index 5d39378..322b88d 100644
--- a/Build.PL
+++ b/Build.PL
@@ -27,6 +27,7 @@ Module::Build->new(
 	requires => {
 		"Carp" => 0,
 		"Crypt::Rijndael" => 0,
+		"Crypt::URandom" => 0.36,
 		"Data::Float" => "0.008",
 		"Errno" => "1.00",
 		"Exporter" => 0,
diff --git a/lib/Data/Entropy.pm b/lib/Data/Entropy.pm
index 13ce92f..610db45 100644
--- a/lib/Data/Entropy.pm
+++ b/lib/Data/Entropy.pm
@@ -27,12 +27,7 @@ avoiding the need to explicitly configure a source at all.
 
 If nothing is done to set a source then it defaults to the use of Rijndael
 (AES) in counter mode (see L<Data::Entropy::RawSource::CryptCounter>
-and L<Crypt::Rijndael>), keyed using Perl's built-in C<rand> function.
-This gives a data stream that looks like concentrated entropy, but really
-only has at most the entropy of the C<rand> seed.  Within a single run it
-is cryptographically difficult to detect the correlation between parts
-of the pseudo-entropy stream.  If more true entropy is required then it
-is necessary to configure a different entropy source.
+and L<Crypt::Rijndael>), keyed using L<Crypt::URandom>.
 
 =cut
 
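Review bot: The rewritten POD sentence ending `keyed using L<Crypt::URandom>.` removes the only description of what the default source guarantees, so a reader can no longer tell that it is still a deterministic AES counter-mode stream expanded from a single key. I would add a short caveat after it, for example `The key is 32 bytes read from the operating system's random source the first time the default source is needed; all later output is derived from that key.` The deleted closing advice, that a different source must be configured when more true entropy is required, still seems applicable and could be kept in shortened form.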
@@ -75,10 +70,8 @@ sub entropy_source() {
 	}
 	unless(defined $entropy_source) {
 		unless(defined $default_entropy_source) {
-			my $key = "";
-			for(my $i = 32; $i--; ) {
-				$key .= chr(int(CORE::rand(256)));
-			}
+			require Crypt::URandom;
+			my $key = Crypt::URandom::urandom(32);
 			require Crypt::Rijndael;
 			require Data::Entropy::RawSource::CryptCounter;
 			require Data::Entropy::Source;
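Review bot: The key from `Crypt::URandom::urandom(32)` is created once under `unless(defined $default_entropy_source)` and then reused, so as far as this hunk shows, a process that forks after the first call would leave parent and child producing the same counter-mode stream. If nothing outside the hunk resets the default on fork, consider recording the creating pid and rebuilding when it changes, e.g. `unless(defined $default_entropy_source && $default_entropy_pid == $$) {` with `$default_entropy_pid = $$;` after construction (the variable name is a suggestion, not existing code). Separately, `urandom` croaks when the OS source cannot be read, so `entropy_source()` can now die where the `rand` loop could not; a comment such as `# dies if the OS random source is unavailable` would record that. The body of `entropy_source` starts and ends outside the hunk.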
-- 
2.30.2

