I have searched CPAN and Google for far too long. I am looking for a Perl module that implements a PRNG algorithm that is considered cryptographically secure (e.g. Fortuna, ISAAC), but haven't had any luck.

I am willing to develop this myself (and try to get it into CPAN), but I'm afraid I lack sufficient knowledge of the languages the reference implementations are written in. The reference for ISAAC is in C, but it relies on bit-shifting behaviour I don't know how to duplicate in Perl.

I realize that things like Crypt::Random exist, but they rely on access to either /dev/random or the EGD, neither of which I can count on for this application (in fact, they are likely not to be there). I'm also familiar with Math::TrulyRandom, but while this may be good randomness for statistical use, it may not be strong enough for cryptography -- and I lack the ability to test its strength for those purposes. Much better to go with an accepted secure algorithm.

So, I'm looking for something extant that is reasonably self-contained. Failing that, I'm hoping someone can point me to an algorithm with explanation that is sufficient for me to develop an implementation.

If I do end up implementing this, it is my full intention to share my results with CPAN, if I can get my employer to sign off on it (likely).

Of course, I'm open to alternative solutions... My goal is to provide a CSPRNG for use in a web application that encrypts data for later transmission. The encryption algorithm is selectable from several standards (3DES, Blowfish, AES, and a few others, maybe) -- all of the implementations of these require secure PRNGs to work in a secure manner, and in my case, without access to /dev/random or an Entropy Gathering Daemon (EGD).

Does anyone know where I can find either a ready-made module or a description of a secure PRNG algorithm in sufficient detail that I can implement it myself?

Update: I neglected to mention one of my requirements, a good CSPRNG algorithm is one thing, but I also need a cross-platform way of seeding it. The ISAAC code, for example, defaults to the same seed unless you explicitly seed it. Add to this question, what is a good method for gaining a 32-bit seed value?

Update: I now have preliminary code for the ISAAC-based CSPRNG as a module named Crypt::Random::ISAAC that contains a drop-in replacement for Perl's rand(). It is not done, but it is usable -- I still must decide on a truly good method for picking a random seed, better than the method I used. I've uploaded the code to the Code Catacombs: Crypt::Random::ISAAC - secure random number generator. Thanks to all of you for your help, and especially to Roy Johnson and hv for pointing me to easily-implementable code.

Yoda would agree with Perl design: there is no try{}
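For readers who hit the same bit-shifting wall as the post describes, here is an added example (not the Crypt::Random::ISAAC code from the post, and not the reference C) that transcribes Jenkins' readable randinit()/isaac() into Perl. It assumes a perl with 64-bit integers (ivsize 8) and makes every word 32-bit by masking after each shift and addition; the package name ISAAC_Example is a placeholder.

```perl
package ISAAC_Example;   # hypothetical name; not the CPAN Crypt::Random::ISAAC module
use strict; use warnings;
use constant M32 => 0xffffffff;   # reduce every word to 32 bits after each shift or add
my @SHIFT = (11, -2, 8, -16, 10, -4, 8, -9);   # mix(): positive = <<, negative = >>
sub _mix {   # one round of Jenkins' mix(a..h); $r refs the eight words
    my ($r) = @_;
    for my $i (0 .. 7) {
        my ($s, $j, $k, $l) = ($SHIFT[$i], ($i + 1) % 8, ($i + 2) % 8, ($i + 3) % 8);
        $r->[$i] ^= $s > 0 ? ($r->[$j] << $s) & M32 : $r->[$j] >> -$s;
        $r->[$l] = ($r->[$l] + $r->[$i]) & M32;
        $r->[$j] = ($r->[$j] + $r->[$k]) & M32;
    }
}
sub new {   # randinit(flag=TRUE): seed with up to 256 32-bit words, zero-padded
    my ($class, @seed) = @_;
    my @s = map { $_ & M32 } @seed;
    push @s, 0 while @s < 256;
    my $self = bless { a => 0, b => 0, c => 0, m => [], r => [], n => 0 }, $class;
    my @r = (0x9e3779b9) x 8;          # golden ratio, as in the reference
    _mix(\@r) for 1 .. 4;
    for my $src (\@s, $self->{m}) {    # pass 1 folds in the seed, pass 2 the table
        for (my $i = 0; $i < 256; $i += 8) {
            $r[$_] = ($r[$_] + $src->[$i + $_]) & M32 for 0 .. 7;
            _mix(\@r);
            @{ $self->{m} }[$i .. $i + 7] = @r;
        }
    }
    $self->_isaac;
    return $self;
}
sub _isaac {   # isaac(): refill r with the next 256 output words
    my ($s) = @_;
    my ($m, $r, $aa) = (@{$s}{qw(m r)}, $s->{a});
    $s->{c} = ($s->{c} + 1) & M32;
    my $bb = ($s->{b} + $s->{c}) & M32;
    for my $i (0 .. 255) {
        my ($x, $k) = ($m->[$i], $i % 4);
        $aa ^= $k == 0 ? ($aa << 13) & M32 : $k == 1 ? $aa >> 6 : $k == 2 ? ($aa << 2) & M32 : $aa >> 16;
        $aa = ($m->[($i + 128) % 256] + $aa) & M32;
        my $y = $m->[$i] = ($m->[($x >> 2) % 256] + $aa + $bb) & M32;
        $r->[$i] = $bb = ($m->[($y >> 10) % 256] + $x) & M32;
    }
    @{$s}{qw(a b n)} = ($aa, $bb, 256);
}
# Next 32-bit word, taken from the top of r downward like the reference rand() macro.
sub rand32 { my ($s) = @_; $s->_isaac unless $s->{n}; return $s->{r}[ --$s->{n} ]; }
# Drop-in for rand(): a float in [0, $max).
sub rand { my ($s, $max) = @_; return $s->rand32() / 4294967296 * ($max || 1); }
1;
```

On a perl with 32-bit integers a sum that exceeds 2^32 is promoted to floating point, so the `& M32` after each addition would have to become `% 2**32`. The generator only consumes seed words; where they come from on a host without /dev/random or an EGD is exactly the open question in the post, and a predictable seed makes the output predictable.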


In reply to Cryptographically Secure Pseudorandom Number Generator - PRNG? by radiantmatrix
