This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
author Jesse Vincent <jesse@bestpractical.com>
Tue, 19 Apr 2011 13:53:07 +0000 (23:53 +1000)
committer Jesse Vincent <jesse@bestpractical.com>
Tue, 19 Apr 2011 14:39:08 +0000 (00:39 +1000)

Update the documentation for rand() to note that it's not
cryptographically secure due to concerns that end-users are unaware of
this and use it in situations where security depends on the strength of
the randomness generated.

I'd have been happier getting this patch in earlier in the cycle.
We'd hoped to replace the RNG, but that didn't happen in time, so this
doc update is the "better, still not good" fallback.

pod/perlfunc.pod

index f6fef97..26b8949 100644 (file)
@@ -4578,6 +4578,13 @@ returns a random integer between C<0> and C<9>, inclusive.
 large or too small, then your version of Perl was probably compiled
 with the wrong number of RANDBITS.)
 
+B<C<rand()> is not cryptographically secure.  You should not rely
+on it in security-sensitive situations.>  As of this writing, a
+number of third-party CPAN modules offer random number generators
+intended by their authors to be cryptographically secure,
+including: L<Math::Random::Secure>, L<Math::Random::MT::Perl>, and
+L<Math::TrulyRandom>.
+
 =item read FILEHANDLE,SCALAR,LENGTH,OFFSET
 X<read> X<file, read>
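
Review bot: The added list names L<Math::Random::MT::Perl> among generators "intended by their authors to be cryptographically secure", but the MT in that name is the Mersenne Twister, a statistical PRNG whose internal state can be reconstructed from observed output, so it should not appear in a list readers will treat as the safe alternatives. Suggest dropping it and keeping L<Math::Random::Secure> and L<Math::TrulyRandom>. The bold warning would also be more useful if it named what "security-sensitive situations" covers (for example session identifiers, password-reset tokens, keys), since the commit message's stated concern is that end-users do not recognise those cases.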