Skip Menu |

This queue is for tickets about the Crypt-Random-Source-SSLeay CPAN distribution.

Report information
The Basics
Id: 82418
Status: new
Priority: 0/
Queue: Crypt-Random-Source-SSLeay

Owner: Nobody in particular
Requestors: DANAJ [...]

Bug Information
Severity: Important
Broken in: 0.02
Fixed in: (no value)

Subject: Wrong generator is used for strong source
Download (untitled) / with headers
text/plain 583b
In Crypt::Random::Source::Strong::SSLeay, the bytes are generated using: Net::SSLeay::RAND_pseudo_bytes(my $buf, $n); which is identical to the Weak version. The documentation for Net::SSLeay as well as the OpenSSL documentation indicate RAND_bytes is the cryptographically strong generator, while RAND_pseudo_bytes generates standard PRNG data. The top-level module documentation implies RAND_bytes is being used. As an aside, the get method for this module is documented as returning 10 bytes. It takes an argument indicating the number of bytes, as shown in the synopsis.

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to