Beefy Boxes and Bandwidth Generously Provided by pair Networks Joe
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

Re: Your random numbers are not that random (UtS,L)

by tye (Cardinal)
on Jul 21, 2012 at 23:00 UTC ( #983022=note: print w/ replies, xml ) Need Help??


in reply to Your random numbers are not that random

You have easy access to the full source code and you have a string that is not hard to search for. But, when you get an error message that doesn't make enough sense to you, you can also just check perldiag, which says:

(F) When trying to initialise the random seed for hashes, Perl could not get any randomness out of your system. This usually indicates Something Very Wrong.

Which means you need to go look at the source code anyway. It was very easy for me to find this: 

UV
Perl_get_hash_seed(pTHX)
{
    dVAR;
     const char *s = PerlEnv_getenv("PERL_HASH_SEED");
     UV myseed = 0;

     if (s)
        while (isSPACE(*s))
            s++;
     if (s && isDIGIT(*s))
          myseed = (UV)Atoul(s);
     else
#ifdef USE_HASH_SEED_EXPLICIT
     if (s)
#endif
     {
          /* Compute a random seed */
          (void)seedDrand01((Rand_seed_t)seed());
          myseed = (UV)(Drand01() * (NV)UV_MAX);
#if RANDBITS < (UVSIZE * 8)
          /* Since there are not enough randbits to to reach all
           * the bits of a UV, the low bits might need extra
           * help.  Sum in another random number that will
           * fill in the low bits. */
          myseed +=
               (UV)(Drand01() * (NV)((((UV)1) << ((UVSIZE * 8 - RANDBI
+TS))) - 1)
»);
#endif /* RANDBITS < (UVSIZE * 8) */
          if (myseed == 0) { /* Superparanoia. */
              myseed = (UV)(Drand01() * (NV)UV_MAX); /* One more chanc
+e. */
              if (myseed == 0)
                  Perl_croak(aTHX_ "Your random numbers are not that r
+andom");
          }
     }
     PL_rehash_seed_set = TRUE;

     return myseed;
}

[download]

Which suggests that a quick, temporary work-around might be to put some integer into your PERL_HASH_SEED environment variable.

- tye        


Comment on Re: Your random numbers are not that random (UtS,L)
Download Code
Re^2: Your random numbers are not that random (UtS,L)
by davies (Priest) on Jul 21, 2012 at 23:06 UTC

    Thanks. I'll look into that on the working and non-working cards and report back with an update. I hadn't heard of perldiag before, but even if I had, it wouldn't have helped me as C (I'm assuming it's C) is a language I don't speak and the code you have shown is, I'm sorry to say, incomprehensible to me. But I can see that copying files would not have copied environment variables and that this is not only something I can do but something likely to work.

    Thanks again and regards,

    John Davies

    Update as promised: All the environment variables I could find, whether in Linux or Perl, were the same on both cards. The Perl ones seemed to be straight copies of the Linux ones. I was looking in %ENV. Are there other places that Perl environment variables are kept?

[reply]

      The C code calls Drand01() to initialise the hash seed. However, it is returning 0 for some reason. Drand01 is a frontend macro to the system random number generator -- which one, I have no clue. You could look at Perl's configure output to figure that one out.

      This method is only for randomising the hash seed. It might not be critical for the installation. If you plan to make Perl user-accessible (e.g. a web service), you might run into a denial of service attack at worst. And, indeed, you can "fix" that with the aforementioned environment variable.

[reply]
        A simple denial-of-service vulnerability is far from the worst-case scenario... If the code has any sort of cryptographic functionality, if it generates random passwords, or anything of that sort, then weak random numbers can lead to far worse than that, as they'll give an attacker a much better chance of guessing any randomly-generated values (such as session keys or random passwords).

        Of course, if you're doing anything along those lines, I sincerely hope that you'd be using a properly-installed perl rather than one copied onto an SD card, so this is unlikely to be an issue in practice.

[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://983022]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (12)
As of 2013-05-19 21:51 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The best material for plates (tableware) is:









    Results (397 votes), past polls