Skip Menu |
 

This queue is for tickets about the Data-Entropy CPAN distribution.

Report information
The Basics
Id: 99122
Status: open
Priority: 0/
Queue: Data-Entropy

People
Owner: Nobody in particular
Requestors: victor [...] vsespb.ru
Cc:
AdminCc:

Bug Information
Severity: Wishlist
Broken in: (no value)
Fixed in: (no value)



Subject: hard to use for password salts
Download (untitled) / with headers
text/plain 721b
Trying to use the module for password salting in web application. We cannot use default rand(), since === use Data::Entropy qw(entropy_source); rand(); fork(); $i = entropy_source->get_int(12345); print $$, "\t", $i, "\n"; === prints same random numbers for different processes, and that's exactly how our application works: it has fork, and hash our $var = shuffle(1,2...) in one of modules, so rand() is called before fork (shuffle uses rand). And, we cannot use entropy source, which uses /dev/random since it's exteremely slow (and important: we'll need to migrate existing passwords for all users to new scheme, once they login). So, would be great to have something like /dev/urandom + crypt counter, or sth..
Download (untitled) / with headers
text/plain 679b
Just for information - now we did workaround like this: sub get_salt { my ( $length_in_bytes ) = @_; my $new_pid = $$; state $source = entropy_source; if ( $new_pid != $pid ) { $pid = $new_pid; srand(); my $key = ""; for(my $i = 32; $i--; ) { $key .= chr(int(rand(256))); } $source = Data::Entropy::Source->new( Data::Entropy::RawSource::CryptCounter->new( Crypt::Rijndael->new($key) ), "getc" ); } my $salt; with_entropy_source( $source, sub { $salt = rand_bits($length_in_bytes * OCTET_SIZE); }); return $salt; }


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.