|Subject:||Wrong generator is used for strong source|
In Crypt::Random::Source::Strong::SSLeay, the bytes are generated using: Net::SSLeay::RAND_pseudo_bytes(my $buf, $n); which is identical to the Weak version. The documentation for Net::SSLeay as well as the OpenSSL documentation indicate RAND_bytes is the cryptographically strong generator, while RAND_pseudo_bytes generates standard PRNG data. The top-level module documentation implies RAND_bytes is being used. As an aside, the get method for this module is documented as returning 10 bytes. It takes an argument indicating the number of bytes, as shown in the synopsis.