|Keep It Simple, Stupid|
|on Aug 24, 1999 at 22:42 UTC||Need Help??|
See the current Perl documentation for srand.
Here is our local, out-dated (pre-5.6) version:
srand - seed the random number generator
Sets the random number seed for the rand() operator. If EXPR is omitted, uses a semi-random value based on the current time and process ID, among other things. In versions of Perl prior to 5.004 the default seed was just the current time(). This isn't a particularly good seed, so many old programs supply their own seed value (often time ^ $$ or time ^ ($$ + ($$ << 15))), but that isn't necessary any more.
In fact, it's usually not necessary to call srand() at all, because if it is not called explicitly, it is called implicitly at the first use of the rand() operator. However, this was not the case in version of Perl before 5.004, so if your script will run under older Perl versions, it should call srand().
Note that you need something much more random than the default seed for cryptographic purposes. Checksumming the compressed output of one or more rapidly changing operating system status programs is the usual method. For example:
srand (time ^ $$ ^ unpack "%L*", `ps axww | gzip`);
If you're particularly concerned with this, see the
Do not call srand() multiple times in your program unless you know exactly what you're doing and why you're doing it. The point of the function is to ``seed'' the rand() function so that rand() can produce a different sequence each time you run your program. Just do it once at the top of your program, or you won't get random numbers out of rand()!
Frequently called programs (like CGI scripts) that simply use
time ^ $$
for a seed can fall prey to the mathematical property that
a^b == (a+1)^(b+1)
one-third of the time. So don't do that.