in reply to Cryptographically Secure Pseudorandom Number Generator - PRNG?

If you don't want to use /dev/random or EGD, you are going to have to emulate their functionality yourself using some other source of 'truly' random source data - perhaps the timing of network requests, or keystrokes (but realize that each of these things is far from totally random and account for it - for example, instead of storing the raw data, calculate a profile of 'typical' data, and generate your randomness from moment-by-moment variation from that profile). Something has to come from the non-deterministic land of humans to make randomness possible in the deterministic land of machines. A major reason to use digital computers in the first place is to eliminate random variation in functional output from circuit noise and that kind of thing. When randomness does affect the operations of a computer outside the context of an EGD or /dev/random type mechanism, that machine is broken.

Find variance in nature and bring it into your computer. Emulate the interface to /dev/random or EGD. Then, use the accepted (and already written) secure algorithms in CPAN that rightfully require this functionality.

- paul

"A fool and his freedom are soon parted"
-RMS
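
An added example (not the poster's code and not a CPAN module) of the approach described in this reply: event-timing gaps are hashed into a pool, entropy is credited only for departure from a running profile of typical gaps, and reads are refused until enough has been credited, as a blocking /dev/random read would be. The names `TimingPool`, `add_event` and `read_bytes`, the moving-average profile and the one-bit-per-event cap are assumptions made for this illustration.

```perl
#!/usr/bin/perl
package TimingPool;    # hypothetical module name, not a CPAN module
use strict;
use warnings;
use Digest::SHA qw(sha256);

sub new {
    my ($class) = @_;
    return bless { state => "\0" x 32, bits => 0, last => undef, mean => undef }, $class;
}

# Feed one event timestamp (seconds, high resolution) per keystroke or packet.
sub add_event {
    my ($self, $t) = @_;
    my $prev = $self->{last};
    $self->{last} = $t;
    return unless defined $prev;
    my $gap = $t - $prev;
    # Always mix the raw gap in; hashing it cannot reduce what the pool holds.
    $self->{state} = sha256($self->{state} . pack('d', $gap));
    if (defined $self->{mean}) {
        # Credit entropy only for departure from the running profile, and
        # never more than 1 bit per event (assumed heuristic, not a proof).
        my $dev_us = int(abs($gap - $self->{mean}) * 1e6);
        $self->{bits}++ if $dev_us >= 1;
        $self->{mean} = 0.9 * $self->{mean} + 0.1 * $gap;
    } else {
        $self->{mean} = $gap;    # the first gap only seeds the profile
    }
    return;
}

# Like a blocking /dev/random read: undef until enough bits are credited.
sub read_bytes {
    my ($self, $n) = @_;
    return undef if $n < 1 || $n > 32 || $self->{bits} < 8 * $n;
    my $out = substr(sha256("out" . $self->{state}), 0, $n);
    $self->{state} = sha256("next" . $self->{state});    # ratchet the pool forward
    $self->{bits} -= 8 * $n;
    return $out;
}

package main;

# Constructed sample: inter-keystroke gaps in milliseconds (not a real capture).
my @gaps_ms = qw(182 175 240 161 198 305 143 187 226 170 154 291 133 209 177 248 166 195 219 151);
my ($pool, $t) = (TimingPool->new, 0);
$pool->add_event($t);
for my $i (0 .. $#gaps_ms) {
    $t += $gaps_ms[$i] / 1000;
    $pool->add_event($t);
    print "after 10 gaps: ", (defined($pool->read_bytes(2)) ? "ok" : "refused"), "\n" if $i == 9;
}
my $bytes = $pool->read_bytes(2);
print "after 20 gaps: ", (defined($bytes) ? unpack('H*', $bytes) : "refused"), "\n";
```

The credit rule cannot tell genuine jitter from a replayed or scripted event stream, so the estimate is only as trustworthy as the event source feeding it.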
