NAME
Crypt::DRBG - Base class for fast, cryptographically-secure PRNGs
SYNOPSIS
    use Crypt::DRBG::HMAC;

    # Production use: seed from the OS, pick a nonce and personalization
    # string automatically, and reseed on fork.
    my $drbg = Crypt::DRBG::HMAC->new(auto => 1);
    my $data = $drbg->generate(42);
    ... # do something with your 42 bytes here

    # Reproducible use (e.g. tests): a fixed seed yields the same sequence
    # on every run, so the second instance is the one queried below.
    my $drbg2 = Crypt::DRBG::HMAC->new(seed => "my very secret seed");
    my @randdigits = $drbg2->randitems(20, [0..9]);
    ... # do something with your 20 random digits here
DESCRIPTION
Crypt::DRBG is a collection of fast, cryptographically-secure PRNGs (pseudo-random number generators). It can be useful for a variety of situations:
- Cryptographically secure random numbers are needed in production, but reproducibility is needed for testing
- A large number of random values are needed, but using /dev/urandom (or the equivalent) frequently or persistently is unsuitable
- Selection of random values in a range (e.g. digits, letters, identifiers) is required and biasing the results is unacceptable
Crypt::DRBG::HMAC is the recommended class to use, as it's currently the fastest. All algorithms are assumed to provide equivalent security.
SUBROUTINES/METHODS
initialize(%params)
%params can contain the following:
- auto: If true, use a safe, cryptographically-secure set of defaults. Equivalent to specifying autoseed, autononce, autopersonalize, and fork_safe.
- autoseed: If true, derive a seed from Crypt::URandom, if available, or from /dev/urandom, /dev/arandom, or /dev/random, in that order. Windows support requires Crypt::URandom to function properly.
- seed: If a string, use this value as the seed. If a coderef, call this coderef with a single argument (the number of bytes) to obtain an entropy input. Note that if a string is used, an exception will be thrown if a reseed is required.
- autononce: If true, derive a nonce automatically.
- nonce: If a string, use this value as the nonce. If a coderef, call this coderef with a single argument (the number of bytes) to obtain a nonce.
- autopersonalize: If true, derive a personalization string automatically.
- personalize: If a string, use this value as the personalization string. If a coderef, call this coderef to obtain a personalization string.
- fork_safe: If true, reseed on fork. If false, the parent and child processes will produce the same sequence of bytes (not recommended).
- cache: If enabled, keep a cache of this many bytes and use it to satisfy requests before generating more.
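The parameters above split naturally into a production configuration (auto => 1) and a reproducible one (fixed seed, nonce and personalization string), plus the coderef form of seed for callers that manage their own entropy source. The script below is an added example, not code from the Crypt::DRBG distribution; it assumes Crypt::DRBG::HMAC is installed, that /dev/urandom is readable, and uses constructed seed, nonce and personalization values. Note that a fixed string seed cannot be reseeded, so it is deliberately not combined with fork_safe, which would trigger a reseed on fork.

```perl
#!/usr/bin/perl
# Added example (not part of Crypt::DRBG): production vs. reproducible
# construction, a custom entropy callback, and a fork_safe check.
use strict;
use warnings;
use Crypt::DRBG::HMAC;

# Production: OS-seeded, automatic nonce/personalization, reseed on fork.
my $prod = Crypt::DRBG::HMAC->new(auto => 1);
print "production: ", unpack('H*', $prod->generate(16)), "\n";

# Reproducible (tests only): fixed inputs give identical output streams.
# These are constructed values; a string seed can never reseed, so this
# instance will throw once the algorithm's reseed limit is reached and
# must not be combined with fork_safe.
my %fixed = (
    seed        => 'example-seed-for-tests-only',
    nonce       => 'example-nonce',
    personalize => 'my-app/unit-tests',
);
my $t1 = Crypt::DRBG::HMAC->new(%fixed);
my $t2 = Crypt::DRBG::HMAC->new(%fixed);
my $first  = unpack 'H*', $t1->generate(16);
my $second = unpack 'H*', $t2->generate(16);
die "reproducible DRBGs diverged" unless $first eq $second;
print "deterministic: $first\n";

# Coderef seed: called with the number of bytes the DRBG wants and must
# return exactly that many bytes of entropy.  Unlike a string seed this
# allows reseeding, so fork_safe is appropriate here.
my $entropy = sub {
    my ($n) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "open /dev/urandom: $!";
    my $got = read $fh, my $buf, $n;
    die "short read from /dev/urandom" unless defined $got && $got == $n;
    return $buf;
};
my $custom = Crypt::DRBG::HMAC->new(
    seed            => $entropy,
    autononce       => 1,
    autopersonalize => 1,
    fork_safe       => 1,
);

# fork_safe: the child reseeds, so parent and child streams must differ.
pipe my $reader, my $writer or die "pipe: $!";
my $pid = fork();
die "fork: $!" unless defined $pid;
if ($pid == 0) {
    close $reader;
    print {$writer} unpack('H*', $custom->generate(16));
    close $writer;
    exit 0;
}
close $writer;
my $child_bytes = <$reader>;
close $reader;
waitpid $pid, 0;
my $parent_bytes = unpack 'H*', $custom->generate(16);
die "fork_safe did not separate parent and child streams"
    if defined $child_bytes && $child_bytes eq $parent_bytes;
print "parent: $parent_bytes\nchild:  $child_bytes\n";
```

The fork check is the property fork_safe exists for: without it, a forked worker (a preforking web server, for instance) would hand out the same "random" bytes as its siblings.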
$drbg->generate($bytes, $additional_data)
Generate and return $bytes bytes. There is a limit per algorithm on the number of bytes that can be requested at once, which is at least 2^10.
If $additional_data is specified, add this additional data to the DRBG.
If the cache flag was specified on instantiation, bytes will be satisfied from the cache first, unless $additional_data was specified.
$drbg->rand([$n], [$num])
Like Perl's rand, but cryptographically secure. Uses 32-bit values.
Accepts an additional argument, $num, which is the number of values to return. Defaults to 1 (obviously).
Note that just as with Perl's rand, there may be a slight bias with this function. Use randitems if that matters to you.
Returns an array if $num is specified and a single item if it is not.
$drbg->randitems($n, $items)
Select randomly and uniformly from the arrayref $items $n times.
$drbg->randbytes($n, $items)
Select randomly and uniformly from the characters in arrayref $items $n times. Returns a byte string.
This function works just like randitems, but is more efficient if generating a sequence of bytes as a string instead of an array.
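The four generation methods cover different needs: generate for raw key material (optionally bound to additional data, which bypasses the cache), randitems and randbytes for unbiased selection from an alphabet, and rand where Perl-style floats are acceptable. The script below is an added example, not code from the Crypt::DRBG distribution; it assumes Crypt::DRBG::HMAC is installed and uses a constructed request id as additional data.

```perl
#!/usr/bin/perl
# Added example (not part of Crypt::DRBG): keys, tokens and unbiased
# choices with generate, randitems, randbytes and rand.
use strict;
use warnings;
use Crypt::DRBG::HMAC;

# Keep a 4 KiB cache so small requests are served without re-running
# the DRBG for each call.
my $drbg = Crypt::DRBG::HMAC->new(auto => 1, cache => 4096);

# Raw bytes for a 256-bit key.
my $key = $drbg->generate(32);
die "unexpected key length" unless length($key) == 32;
printf "key: %s\n", unpack 'H*', $key;

# Additional data is mixed into the DRBG state for this request and the
# request is served fresh rather than from the cache.  The request id is
# a constructed value standing in for real per-request context.
my $bound = $drbg->generate(16, 'request-id:12345');
printf "context-bound: %s\n", unpack 'H*', $bound;

# Uniform selection from an arbitrary alphabet, returned as a list:
# no modulo bias, whatever the alphabet size.
my @alphabet = ('A'..'Z', 'a'..'z', '0'..'9');
my $password = join '', $drbg->randitems(20, \@alphabet);
die "password contains characters outside the alphabet"
    unless $password =~ /\A[A-Za-z0-9]{20}\z/;
print "password: $password\n";

# randbytes is the same selection returned as a byte string, which is
# cheaper when each item is a single character (hex, base32, digits).
my $hex_token = $drbg->randbytes(32, ['0'..'9', 'a'..'f']);
my $pin       = $drbg->randbytes(6,  ['0'..'9']);
die "bad token" unless $hex_token =~ /\A[0-9a-f]{32}\z/;
die "bad pin"   unless $pin       =~ /\A[0-9]{6}\z/;
print "token: $hex_token\npin: $pin\n";

# rand mirrors Perl's rand (floats in [0, $n) built from 32-bit values),
# so int($drbg->rand($n)) inherits the same slight bias; use randitems
# or randbytes when the choice is security-relevant.
my @floats = $drbg->rand(1, 3);          # three values in [0, 1)
my $die    = 1 + int($drbg->rand(6));    # fine for a game, not for a key
die "rand out of range" if grep { $_ < 0 || $_ >= 1 } @floats;
printf "floats: %s\ndie: %d\n", join(', ', @floats), $die;
```

The pattern-match checks are cheap sanity tests worth keeping in real code: they catch a wrong alphabet or a mis-ordered argument list before a malformed token reaches a user.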
AUTHOR
brian m. carlson, <sandals at crustytoothpaste.net>
BUGS
Please report any bugs or feature requests to bug-crypt-drbg at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Crypt-DRBG. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.
SUPPORT
You can find documentation for this module with the perldoc command.
perldoc Crypt::DRBG
You can also look for information at:
- RT: CPAN's request tracker (report bugs here)
- AnnoCPAN: Annotated CPAN documentation
- CPAN Ratings
- Search CPAN
ACKNOWLEDGEMENTS
LICENSE AND COPYRIGHT
Copyright 2015 brian m. carlson.
This program is distributed under the MIT (X11) License: http://www.opensource.org/licenses/mit-license.php
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.