I noticed some possible issues with this code

Only the first character of strings will take part in your entropy pool:

$old_mix = $Hash->(pack "LaaaaLLLLaL"
        , $rand, $old_mix, "#"
        , $Host, '#', $$, $time, $ms, $count
        , $salt, $old_rand);
[download]

The "a" format specifier alone will only copy over the first character of the source string. To copy over the whole source string, use "a*".

my $ret = encode_base64( $Hash->( pack "aL", $old_mix, $old_rand ) );
[download]

Note that this "pack" also suffers the same problem, so only the first character from $old_mix gets used for hashing to a result. This entropy loss is made even more stunning given:

our $Hash = \&Digest::MD5::md5_base64;
[download]

So $old_mix is the result of a base64 encoding, thus its first character retains only a fraction of a byte of entropy.

Also, $ret is being assigned a doubly-base64-encoded hashed value, so it will be longer than necessary, and its entropy density will be less than expected. This problem is benign from a security standpoint, unless $Truncate gets used:

$ret = substr( $ret, 0, $Truncate )
[download]

So truncation will cause a greater than expected loss of entropy in the result.

As for using MD5, in this context I don't think its weaknesses are a liability -- it is being used for mixing a secret key, so even if an attacker can concoct a collision for this secret, this pseudo-secret key will be useless. However, I would personally choose a newer hashing algorithm, due to unjustified paranoia.