NAME

Net::Random - get random data from online sources

SYNOPSIS

    use Net::Random;

    my $rand = Net::Random->new( # use fourmilab.ch's randomness source,
        src => 'fourmilab.ch',   # and return results from 1 to 2000
        min => 1,
        max => 2000
    );
    @numbers = $rand->get(5);    # get 5 numbers

    my $rand = Net::Random->new( # use qrng.anu.edu.au's randomness source,
        src => 'qrng.anu.edu.au', # with no explicit range - so values will
    );                           # be in the default range from 0 to 255

    my $rand = Net::Random->new( # use random.org's randomness source,
        src => 'random.org',
    );
    $number = $rand->get();      # get 1 random number

OVERVIEW

The three sources of randomness above correspond to <https://www.fourmilab.ch/cgi-bin/uncgi/Hotbits?nbytes=1024&fmt=hex>, <https://random.org/cgi-bin/randbyte?nbytes=1024&format=hex> and <https://qrng.anu.edu.au/API/jsonI.php?length=1024&size=1&type=uint8>. We always get chunks of 1024 bytes at a time, storing them in a pool which is used up as and when needed. The pool is shared between all objects using the same randomness source. When we run out of randomness we go back to the source for more juicy random goodness.

If you have set a http_proxy variable in your environment, this will be honoured.

While we always fetch 1024 bytes, data can be used up one, two, three or four bytes at a time, depending on the range between the minimum and maximum desired values. There may be a noticeable delay while more random data is fetched.

The maintainers of all the randomness sources claim that their data is *truly* random. Some simple tests show that they are certainly more random than the "rand()" function on this 'ere machine.

METHODS

BUGS

Doesn't handle really BIGNUMs. Patches are welcome to make it use Math::BigInt internally. Note that you'll need to calculate how many random bytes to use per result. I strongly suggest only using BigInts when absolutely necessary, because they are slooooooow.

Tests are a bit lame. Really needs to test the results to make sure they're as random as the input (to make sure I haven't introduced any bias).

SECURITY CONCERNS

True randomness is very useful for cryptographic applications. Unfortunately, I can not recommend using this module to produce such random data. While some simple testing shows that we can be fairly confident that it is random, and the published methodologies on all the sites used look sane, you can not, unfortunately, trust that you are getting unique data (ie, someone else might get the same bytes as you), that they don't log who gets what data, or that no-one is intercepting it en route to surreptitiously make a copy.

Be aware that if you use an http_proxy - or if your upstream uses a transparent proxy like some of the more shoddy consumer ISPs do - then that is another place that your randomness could be compromised. Even if using https a sophisticated attacker may be able to intercept your data, because I make no effort to verify the sources' SSL certificates (I'd love to receive a patch to do this) and even if I did, there have been cases when trusted CAs issued bogus certificates, which could be used in MITM attacks.

I should stress that I *do* trust all the site maintainers to give me data that is sufficiently random and unique for my own uses, but I can not recommend that you do too. As in any security situation, you need to perform your own risk analysis.

ERROR HANDLING

There are two types of error that this module can emit which aren't your fault.
Those are network errors, in which case it emits a warning:

    Net::Random: Error talking to [your source]

and errors generated by the randomness sources, which look like:

    Net::Random: [your source] [message]

Once you hit either of these errors, it means that either you have run out of randomness and can't get any more, or you are very close to running out of randomness. Because this module's raison d'être is to provide a source of truly random data when you don't have your own one available, it does not provide any pseudo-random fallback. If you want to implement your own fallback, you can catch those warnings by using $SIG{__WARN__}. See "perldoc perlvar" for details.

FEEDBACK

I welcome feedback about my code, especially constructive criticism.

AUTHOR, COPYRIGHT and LICENCE

Copyright 2003 - 2012 David Cantrell <david@cantrell.org.uk>

This software is free-as-in-speech software, and may be used, distributed, and modified under the terms of either the GNU General Public Licence version 2 or the Artistic Licence. It's up to you which one you use. The full text of the licences can be found in the files GPL2.txt and ARTISTIC.txt, respectively.

THANKS TO

Thanks are also due to the maintainers of the randomness sources. See their web sites for details on how to praise them.

Suggestions from the following people have been included:
And patches from:

CONSPIRACY

This module is also free-as-in-mason software.
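
ADDED EXAMPLE

The OVERVIEW says pooled bytes are consumed one to four at a time depending on the requested range, and BUGS worries about bias being introduced in that step. The sketch below is an added example, not code from Net::Random or its author: draw_unbiased is a hypothetical helper showing one way (rejection sampling) to map pooled bytes onto a range without modulo bias, compared against a plain modulo over a constructed pool. It assumes a perl built with 64-bit integers.

```perl
use strict;
use warnings;

# Hypothetical helper, not part of Net::Random: draw one integer in
# [$min, $max] from a pool of raw bytes (array ref, values 0..255).
sub draw_unbiased {
    my ($pool, $min, $max) = @_;
    my $range = $max - $min + 1;
    die "range must be 1 .. 2**32\n" if $range < 1 || $range > 2**32;

    # Use as few bytes as will cover the range: 1, 2, 3 or 4.
    my $nbytes = 1;
    $nbytes++ while 256**$nbytes < $range;

    # Largest multiple of $range that fits in $nbytes bytes. Values at or
    # above it would make the low results more likely, so they are discarded.
    my $space = 256**$nbytes;
    my $limit = $space - ($space % $range);

    while (@$pool >= $nbytes) {
        my $value = 0;
        $value = $value * 256 + $_ for splice(@$pool, 0, $nbytes);
        return $min + $value % $range if $value < $limit;
    }
    return;    # pool exhausted: caller must refill, never pad or reuse bytes
}

# Constructed input: every possible byte value exactly once, i.e. a
# perfectly uniform source. Count how often each result of a 1..6 draw
# appears with a plain modulo and with rejection sampling.
my (%naive, %rejected);
$naive{ 1 + $_ % 6 }++ for 0 .. 255;

my @pool = (0 .. 255);
while (defined(my $n = draw_unbiased(\@pool, 1, 6))) {
    $rejected{$n}++;
}

printf "%d  naive modulo: %d  with rejection: %d\n",
    $_, $naive{$_}, $rejected{$_} for 1 .. 6;
```

With a uniform input the rejection column is flat, while the plain modulo column favours the low results because 256 is not a multiple of 6.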