The constructor returns a Net::Random object. It takes named parameters,
of which one - src - is compulsory, telling the module where to get its
random data from. The min and max parameters are optional, and default
to 0 and 255 respectively. Both must be integers, and max must be at
least min+1. The maximum value of max
is 2^32-1, the largest value that can be stored in a 32-bit int, or
0xFFFFFFFF. The range between min and max can not be greater than
You may also set ssl to 0 if you wish to retrieve data using plaintext (or outbound SSL is prohibited in your network environment for some reason)
Currently, the only valid values of src are qrng.anu.edu.au, fourmilab.ch and random.org.
Takes a single optional parameter, which must be a positive integer.
This determines how many random numbers are to be returned and, if not
specified, defaults to 1.
If it fails to retrieve data, we return undef. Note that random.org and fourmilab.ch ration their random data. If you hit your quota, we spit out a warning. See the section on ERROR HANDLING below.
Be careful with context. If you call it in list context, youll always get a list of results back, even if you only ask for one. If you call it in scalar context youll either get back a random number if you asked for one result, or an array-ref if you asked for multiple results.
Doesnt handle really BIGNUMs. Patches are welcome to make it use Math::BigInt internally. Note that youll need to calculate how many random bytes to use per result. I strongly suggest only using BigInts when absolutely necessary, because they are slooooooow.
Tests are a bit lame. Really needs to test the results to make sure theyre as random as the input (to make sure I havent introduced any bias).
True randomness is very useful for cryptographic applications. Unfortunately, I can not recommend using this module to produce such random data. While some simple testing shows that we can be fairly confident that it is random, and the published methodologies on all the sites used looks sane, you can not, unfortunately, trust that you are getting unique data (ie, someone else might get the same bytes as you), that they dont log who gets what data, or that no-one is intercepting it en route to surreptitiously make a copy..
Be aware that if you use an http_proxy - or if your upstream uses a transparent proxy like some of the more shoddy consumer ISPs do - then that is another place that your randomness could be compromised. Even if using https a sophisticated attacker may be able to intercept your data, because I make no effort to verify the sources SSL certificates (Id love to receive a patch to do this) and even if I did, there have been cases when trusted CAs issued bogus certificates, which could be used in MITM attacks.
I should stress that I *do* trust all the site maintainers to give me data that is sufficiently random and unique for my own uses, but I can not recommend that you do too. As in any security situation, you need to perform your own risk analysis.
There are two types of error that this module can emit which arent your fault. Those are network errors, in which case it emits a warning:
Net::Random: Error talking to [your source]
and errors generated by the randomness sources, which look like:
Net::Random: [your source] [message]
Once you hit either of these errors, it means that either you have run out of randomness and cant get any more, or you are very close to running out of randomness. Because this modules raison dêtre is to provide a source of truly random data when you dont have your own one available, it does not provide any pseudo-random fallback.
I welcome feedback about my code, especially constructive criticism.
Copyright 2003 - 2012 David Cantrell <firstname.lastname@example.org>
This software is free-as-in-speech software, and may be used, distributed, and modified under the terms of either the GNU General Public Licence version 2 or the Artistic Licence. Its up to you which one you use. The full text of the licences can be found in the files GPL2.txt and ARTISTIC.txt, respectively.
Thanks are also due to the maintainers of the randomness sources. See their web sites for details on how to praise them.
Suggestions from the following people have been included:
And patches from:
Rich Rauenzahn Suggested I allow use of an http_proxy; Wiggins d Anconia Suggested I mutter in the docs about security concerns; Syed Assad Suggested that I use the JSON interface for QRNG instead of scraping the web site;
Mark Allen code for using SSL; Steve Wills code for talking to qrng.anu.edu.au;
This module is also free-as-in-mason software.
|perl v5.20.3||NET::RANDOM (3)||2014-04-05|