- OPTIONAL DEPENDENCIES
- FORK AND THREAD SAFETY
- ADDITIONAL DISCUSSION
- SEE ALSO
- LICENSE AND COPYRIGHT
Bytes::Random::Secure::Tiny - A tiny Perl extension to generate cryptographically-secure random bytes.
use Bytes::Random::Secure::Tiny; my $rng = Bytes::Random::Secure::Tiny->new; # Seed with 256 bits. my $bytes = $rng->bytes(32); # A string of 32 random bytes. my $long = $rng->irand; # 32-bit random unsigned int. my $hex = $rng->bytes_hex(10); # 10 random bytes as hex digits. my $string = $rng->string_from('abc', 10); # Random string from a, b, & c.
Bytes::Random::Secure::Tiny provides random bytes from a cryptographically secure random number generator (ISAAC), seeded from strong entropy sources on a wide variety of platforms. It does so without external dependencies (except on Windows), and has a minimal but useful user interface patterned after the module Bytes::Random::Secure.
Bytes::Random::Secure has a handful of dependencies. And its UI may be bigger than a typical user needs. Bytes::Random::Secure::Tiny is designed to provide what 90% of Bytes::Random::Secure's users need, but with a simpler user interface, and in a single module with no dependencies beyond core Perl.
In most cases this module may be used as a light-weight drop-in replacement for Bytes::Random::Secure.
This module aims to provide a generalized tool for generating cryptographically secure randomness in a way that can fit into many applications while providing a zero dependency toolchain, and a user interface that is both minimal and simple. Common use-cases may include:
Creating temporary passphrases.
Generating random salts.
Generating a secret that can be hashed along with session cookies.
Feeding secure key-gen utilities.
Bytes::Random::Secure::Tiny employs several well-designed algorithms adapted from established CPAN tools to generate a strong random seed, and then to instantiate a high quality cryptographically secure pseudo-random number generator based on the seed. It has taken significant research to come up with a strong and sensible choice of established and published algorithms. The interface is designed with minimalism and simplicity in mind.
Furthermore, this module runs its randomness through both statistical tests and NIST FIPS-140 tests to verify integrity.
::Tiny module, the additional goals of low (or no) dependencies and a light-weight code base make this an ideal choice for environments where heavier dependency chains are problematic.
Nothing is exported.
my $rng = Bytes::Random::Secure::Tiny->new;
Instantiate the pseudo-random number generator object. The seeding of the ISAAC CSPRING defaults to 256 bits from a non-blocking entropy source. The CSPRNG object should be instantiated as infrequently as practical; there is no benefit to re-seeding, with the single cavaet that the CSPRNG object should not be shared by threads or forked processes.
Parameters described below are optional and case-insensitive.
my $rng = Bytes::Random::Secure::Tiny->new(bits => 512);
Number of bits to use in seeding. Must be a value between 64 and 8192 inclusive, and must satisfy
bits==2**n. The default value is 256.
my $nb_rng = Bytes::Random::Secure::Tiny->new(nonblocking=>1); my $bl_rng = Bytes::Random::Secure::Tiny->new(nonblocking=>0);
If set to a false value, a blocking entropy source may be used in seeding. This is generally not necessary, as the non-blocking sources used are considered by most to be strong enough for cryptographic purposes.
Instantiating with a blocking source can exhaust system entropy (this has been seen in testing), and in such cases
newwill block until sufficient entropy is generated.
The default is to use a non-blocking source, and you should probably accept that default.
my $random_bytes = $rng->bytes($n);
Returns a string of
$n random bytes.
$n must be a positive integer.
my $random_hex = $rng->bytes_hex(6); # E.g. f35dde7c02a4
Returns a string of hex digits. Each byte is represented by two lower-cased hex digits. Therefore,
$rng->bytes_hex(1) will return a string of length 2, such as
7F. There is no
0x prepended to the hex digits.
my $random_string = $rng->string_from('abcdefg', 10);
Returns a string of random octets selected from the "Bag" string (in this case ten octets from 'abcdefg'). Repeated bag characters are weighted according to their frequency. For example, given the bag 'aabc', the character 'a' will be selected approximately 50% of the time, though being random, there are no guarantees it will be selected at all. For the bag 'abc', each character has the same weight. The output may contain duplicate characters. For example:
say $rng->string_from('a', 10); # Must always be 'aaaaaaaaaa'
my $unsigned_long = $random->irand;
Returns a pseudo-random 32-bit unsigned integer. The value will satisfy
0 <= x <= 2**32-1.
my $aref_shuffled = $random->shuffle($aref);
Shuffles the contents of a reference to an array in situ, and returns the same reference.
List::Util, which ships with Perl, includes
shuffle function. But that function is flawed in two ways. First, from a cryptographic standpoint, it uses Perl's
rand, which is not a CSPRNG, and therefore is inadequate.
Second, because Perl's rand has an internal state of just 32 bits, it cannot possibly generate all permutations of arrays containing 13 or more elements.
shuffle uses a CSPRNG, and also benefits from large seeds and a huge internal state. ISAAC can be seeded with up to 8192 bits, yielding 2^8192 possible initial states, and 2^8288 possible internal states. A seed of 8192 bits will assure that for arrays of up to 966 elements every permutation is accessible.
Nothing to configure.
This module requires Perl 5.8 or newer. Unicode support in
string_from is best with Perl 5.8.9 or newer. See the INSTALLATION section in this document for details.
Bytes::Random::Secure::Tiny uses an embedded version of the ISAAC algorithm adapted from Math::Random::ISAAC as its CSPRNG, but will silently upgrade to using Math::Random::ISAAC proper if it is available on the target system.
If performance is a consideration and you are able to install Math::Random::ISAAC::XS, do so; Bytes::Random::Secure::Tiny will silently upgrade to using
Math::Random::ISAAC::XS instead of the embedded ISAAC CSPRING. Math::Random::ISAAC::XS implements the same ISAAC CSPRNG algorithm in C and XS for speed.
When programming for parallel computation, create a unique
Bytes::Random::Secure::Tiny object within each process or thread. Bytes::Random::Secure::Tiny uses a CSPRNG, and sharing the same RNG between threads or processes will share the same seed and the same starting point. By instantiating the B::R::S::T object after forking or creating threads, a unique randomness stream will be created per thread or process.
Always share the same RNG object between all non-concurrent consumers within a process, but never share the same RNG between threads or forked processes.
It's easy to generate weak pseudo-random bytes. It's also easy to think you're generating strong pseudo-random bytes when really you're not. And it's hard to test for pseudo-random cryptographic acceptable quality. There are many high quality random number generators that are suitable for statistical purposes, but not necessarily up to the rigors of cryptographic use.
Assuring strong (ie, secure) random bytes in a way that works across a wide variety of platforms is also challenging. A primary goal for this module is to provide cryptographically secure pseudo-random bytes while still meeting the secondary goals of simplicity, minimalism, and no dependencies. If more fine-grained control over seeding methods is needed, use Bytes::Random::Secure instead.
The ISAAC algorithm is considered a cryptographically strong pseudo-random number generator. It has 1.0e2466 possible initial states. The best known attack for discovering initial state would theoretically take a complexity of approximately 4.67e1240, which is of no practical consequence to ISAAC's security. Cycles are guaranteed to have a minimum length of 2**40, with an average cycle of 2**8295. Because there is no practical attack capable of discovering initial state, and because the average cycle is so long, it's generally unnecessary to re-seed a running application. The results are uniformly distributed, unbiased, and unpredictable unless the seed is known.
To confirm the quality of the CSPRNG, this module's test suite implements the FIPS-140-1 tests for strong random number generators. See the comments in
t/27-fips140-1.t for details.
string_from method permits the user to pass a "bag" (or source) string containing Unicode characters. For any modern Perl version, this will work just as you would hope. But some versions of Perl older than 5.8.9 exhibited varying degrees of bugginess in their handling of Unicode. If you're depending on the Unicode features of this module while using Perl versions older than 5.8.9 be sure to test thoroughly, and don't be surprised when the outcome isn't as expected. ...this is to be expected. Upgrade. This module works at the octet level, not grapheme cluster.
Care is taken so that there is no modulo bias in the randomness returned. This is exactly why the
string_from method is preferable to a home-grown random string solution. However, the algorithm to eliminate modulo bias can impact the performance of the
string_from method. Any time the length of the bag string is significantly less than the nearest greater or equal factor of 2**32, performance will degrade. Unfortunately there is no known algorithm that improves upon this situation. Fortunately, for sanely sized strings, it's a minor issue. To put it in perspective, even in the case of passing a "bag" string of length 2**31 (which is huge), the expected time to return random bytes will only double.
No special requirements.
David Oswald <email@example.com>
Please report any bugs or feature requests to
bug-bytes-random-secure at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Bytes-Random-Secure-Tiny. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.
You can find documentation for this module with the perldoc command.
You can also look for information at:
Github Repo: https://github.com/daoswald/Bytes-Random-Secure-Tiny
RT: CPAN's request tracker (report bugs here)
AnnoCPAN: Annotated CPAN documentation
Dana Jacobsen ( <firstname.lastname@example.org> ) for his work that led to Crypt::Random::Seed, and for ideas and code reviews.
Copyright 2015 David Oswald.
This program is free software; you can redistribute it and/or modify it under the terms of either: the GNU General Public License as published by the Free Software Foundation; or the Artistic License.
See http://dev.perl.org/licenses/ for more information.