Random Numbers in Perl

Jason jkenner@mindspring.com
Wed, 08 Nov 2000 08:41:11 -0700


Nathan Saper wrote:
> > The most common portable method of obtaining cryptographically strong
> > random numbers is to generate a seed using the HACK device. (Human At
> > Computer Keyboard :) I believe PGP relies on this method.
> This is probably a stupid question, but: What would be the best way to
> implement this sort of arrangement in Perl?

Ive given this some thought, and have decided that I would need to
know more about the specific nature of your application to answer.
Obviously, the timing of individual keystrokes is not available to a
perl script running on a remote webserver, which only sees a
form-submit as a single clump of data. Basically, with the requirement
for that level of interactivity, totally independant perl coding isnt
possible.

One could generate a seed from a hash of a user-supplied paragraph,
but I am not sure that this would be anywhere near random enough for
the generation of a 1024bit key... Requiring the user to type more
than that would be inconvienent to say the least...



-- 
jkenner @ mindspring . com__
I Support Linux:           _> _  _ |_  _  _     _|
Working Together To       <__(_||_)| )| `(_|(_)(_|
To Build A Better Future.       |                   <s>