Could you override the built in srand and rand functions with one of your own that checks who the caller is, and chooses which source of randomness to use based on the caller.
For example, you could arrange things so that the parts of your code that need secure cryptographic randomness get bytes from Crypt::Random, while the rest of your code gets standard rand data, that has been tainted by all the calls to srand.
Alternatively if the legacy code that is calling srand far to often has little actual need for randomness, then you could consider writing a crude random number generator for its use, as returning standard rand data to all other callers.
Your crude random number generator could be as simple as a few thousand pre-generated random numbers in a file or database table, where repeated calls just increment through the list, and the value passed in to srand is the fraction through the file to start from.
In reply to Re: Legacy code uses "srand()" .. how to avoid losing entropy?
by chrestomanci
in thread Legacy code uses "srand()" .. how to avoid losing entropy?
by locked_user sundialsvc4
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |