http://www.perlmonks.org?node_id=539982


in reply to What is the truth about srand()?

Call srand when you want a seed which is not /dev/urandom.
What exactly are you using this for? If crypto, put care and thought into it.

From my docs on srand:

Note that you need something much more random than the default seed for cryptographic purposes. Checksumming the compressed output of one or more rapidly changing operating system status programs is the usual method. For example:

    srand (time ^ $$ ^ unpack "%L*", `ps axww | gzip`);

If you’re particularly concerned with this, see the "Math::TrulyRandom" module in CPAN.

Also, what is your version of Perl? I can't speak for your version, but here is a relevant passage from mine (v5.8.5).

Most programs won’t even call srand() at all, except those that need a cryptographically-strong starting point rather than the generally acceptable default, which is based on time of day, process ID, and memory allocation, or the /dev/urandom device, if available.
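
Added example, not part of the original post or of the Perl documentation: it shows that rand() output is fully determined by the seed passed to srand(), and reads bytes straight from /dev/urandom when a value has to be secret. The function names and the sample seed are constructed for illustration, and it assumes a system that provides /dev/urandom.

```perl
#!/usr/bin/perl
# Added example; names and sample values are constructed for illustration.
use strict;
use warnings;

# rand() is fully determined by its seed: re-seeding with the same value
# replays exactly the same sequence.
sub rand_sequence {
    my ($seed, $count) = @_;
    srand($seed);
    return map { int(rand(1_000_000)) } 1 .. $count;
}

# Read $nbytes from the kernel CSPRNG and return them hex-encoded.
# For secrets, use these bytes directly instead of rand().
sub urandom_hex {
    my ($nbytes) = @_;
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $got = read($fh, my $buf, $nbytes);
    close($fh);
    die "short read from /dev/urandom"
        unless defined $got && $got == $nbytes;
    return unpack('H*', $buf);
}

# Constructed seed: an epoch time XOR a PID, i.e. the "time ^ $$" part of
# the recipe quoted above. Both inputs are low-entropy values.
my $seed   = 1143647460 ^ 4242;
my @first  = rand_sequence($seed, 5);
my @second = rand_sequence($seed, 5);
print "seed $seed      -> @first\n";
print "same seed again -> @second\n";
print "identical: ", ("@first" eq "@second" ? "yes" : "no"), "\n";

# If srand() must be called explicitly, a 32-bit seed from /dev/urandom
# is unpredictable, but rand() is still not suitable for keys or tokens.
my $fresh = unpack('L', pack('H*', urandom_hex(4)));
srand($fresh);
print "re-seeded from /dev/urandom: $fresh\n";

# Session tokens, keys, nonces: take the CSPRNG bytes directly.
print "128-bit token: ", urandom_hex(16), "\n";
```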

Re^2: What is the truth about srand()?
by merlyn (Sage) on Mar 29, 2006 at 15:51 UTC
      My knowledge is creaky and old, and my typing is worse! So, I'm glad someone is awake with a sense of humor around here. I need a good slap down.

      How about this: calling srand without an expression causes it to use a default which may be /dev/urandom in a best case.

      But you usually don't want to explicitly call srand unless you are going to supply your own seed EXPR. Let rand do it for you!

      Update: I'm going to crawl back into my cubicle-like bed and come back when I can actually read your question and respond more thoughtfully. You are obviously using rand and were just wondering what the seed was. On *nix, it will most likely be /dev/urandom. But if a security guy is asking and you need crypto level randomness then my over obvious post might have some mete of merit.