
All the Perl that's Practical to Extract and Report

http://www.cantrell.org.uk/david

Journal of drhyde (1683)

Tuesday January 13, 2004
06:34 AM

Net::Random doc-patch

[ #16803 ]
Ugh, I just remembered that I need to patch Net::Random's docs to include dire warnings about using it for cryptographic or authentication applications, like I promised on the perl-crypto list. Hopefully by writing about it here it'll stick in my brane until I get home this evening :-)

The reason is that the random data comes from a third party and transits untrusted networks without being protected by (e.g.) SSL. I'm quite confident that the data is indeed random and so suitable for use in such applications. But there's no guarantee that someone else hasn't retained a copy of the data. Which makes using it a potential risk.

That's not to say that you shouldn't use the data like that. You just need to be aware of the risk so you can do your own risk analysis.

It could also do with some better tests. I don't need to test that the data is random (you just have to trust the third-party data sources) but I do need to test that I'm not introducing bias in my data-munging. I'm pretty damned confident that I'm not, but it should be tested anyway.
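
One way to test data-munging for bias without testing the source data itself, as an added example that is not part of the original post and not Net::Random's own code: feed every possible input byte through the routine and check that each output value turns up equally often. The routines `munge_modulo` and `munge_reject` and the checker `is_unbiased` are hypothetical, and the sketch assumes one source byte per output and ranges of at most 256 values.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical munging routines (not Net::Random's own code): each maps one
# source byte (0..255) to an integer in [$min, $max], or returns undef to
# signal that the byte should be discarded.

# Naive: reduce modulo the range size. Biased unless the size divides 256.
sub munge_modulo {
    my ($byte, $min, $max) = @_;
    return $min + $byte % ($max - $min + 1);
}

# Rejection sampling: discard bytes at or above the largest multiple of the
# range size that fits in 256, so every output has the same number of inputs.
sub munge_reject {
    my ($byte, $min, $max) = @_;
    my $size  = $max - $min + 1;
    my $limit = 256 - (256 % $size);
    return if $byte >= $limit;
    return $min + $byte % $size;
}

# Exhaustive bias check: run every possible byte through the routine and
# count how often each output appears. Uniform input gives uniform output
# only if every value in the range is reachable and all counts are equal.
sub is_unbiased {
    my ($munge, $min, $max) = @_;
    my %count;
    for my $byte (0 .. 255) {
        my $out = $munge->($byte, $min, $max);
        next unless defined $out;
        die "output $out outside [$min, $max]\n" if $out < $min || $out > $max;
        $count{$out}++;
    }
    return 0 unless keys(%count) == $max - $min + 1;
    my %distinct = map { $_ => 1 } values %count;
    return keys(%distinct) == 1 ? 1 : 0;
}

for my $range ([0, 15], [1, 6], [0, 99]) {
    my ($min, $max) = @$range;
    printf "range %d..%d: modulo %s, rejection %s\n", $min, $max,
        (is_unbiased(\&munge_modulo, $min, $max) ? "unbiased" : "BIASED"),
        (is_unbiased(\&munge_reject, $min, $max) ? "unbiased" : "BIASED");
}
```

Because the check enumerates the whole input space, it is deterministic: it needs no network access and no statistical threshold, so it can sit in a test suite beside the tests that talk to the real data sources.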
