Gah! I'm not a security expert, but I know enough that should I require some cryptographically strong random numbers, the last place I want to fetch them would be from some disinterested third party (even if I do have a couple of links on my homenode).

For really, really strong numbers, I would read from the blocking version of the kernel's entropy pool, /dev/random on BSD, /dev/urandom (I believe) on Linux, and EGD on Solaris (at least on the ancient 2.6 I'm using). For merely really strong numbers but high volume, I'd just use output from one of those to seed a good PRNG, such as the Mersenne Twister (for which a Perl module exists... hmm, no, two competing modules, Rand::MersenneTwister and Math::Random::MT). This PRNG has a 2**19937-1 period, and can be fed to a digest function to produce stronger bits, at a certain cost in speed.

The main point is that you can, and should, always generate them locally.

_____________________________________________
Come to YAPC::Europe 2003 in Paris, 23-25 July 2003.

Good point :-)

What you believe is right ;-)

Any programmer can just read a few megs from /dev/urandom, write it to a file (dd is a handy utility to achieve quick results) and try to gzip or bzip it. If the file can be compressed with a high ratio it is a shame for the urandom coders, if not then it is a shame for gzip or bzip coders (and refreshing for crypto-minded programmers ;-) (ok, ok, just a joke :)

To put it shortly: You already have the random numbers in kernel (I mean Linux).

To put it shortly: You already have the random numbers in kernel (I mean Linux).

And my musing was to have a source for all Perl programs, regardless of platform.

A good PRNG requires a few different entropy sources. Reading from /dev/urandom is just one. If that device already implements something like Yarrow, that's another story.

The "next perl instruction" is essentially random if taken using the CPU cycle counter's least few bits. And that's just one source of (some) entropy, not a suitable random number in itself.

—John