Perl: the entropy may be much larger than they need, which can be exhausting. This is exactly what we found (Windows): weak hashing algorithm

Tags: perl, security, random, reverse-engineering, srand

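Besides the 32-bit problem, this is probably the weakest link.

  • What random function does it use

Once a seed has been supplied, which random number function is it passed to? A poor rand function makes guessing the seed easier. Perl looks for several, usually ending up with `drand48`. You can see which one it uses with `perl -e 'use Config; print $Config{randfunc}'`. I don't know how well it works, but the OS X drand48 man page says `random(3)` is more powerful, while the Linux man page says

The function has not been touched since... oh my, the late 90s. It was moved to util.c but has not been seriously worked on. `git blame 132efe8bfb7cd0fb1beb15aaf284e33bf44eb1fa^ pp.c` shows the real history; look for `S_seed`. It could use some love. Most other languages have.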

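Seems to be the place to look (now). Apparently it used to live in pp.c. It looks like it is saying, but I don't pretend to be interested in these things.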
```c
U32
Perl_seed(pTHX)
{
    dVAR;
    /*
     * This is really just a quick hack which grabs various garbage
     * values.  It really should be a real hash algorithm which
     * spreads the effect of every input bit onto every output bit,
     * if someone who knows about such things would bother to write it.
     * Might be a good idea to add that function to CORE as well.
     * No numbers below come from careful analysis or anything here,
     * except they are primes and SEED_C1 > 1E6 to get a full-width
     * value from (tv_sec * SEED_C1 + tv_usec).  The multipliers should
     * probably be bigger too.
     */
#if RANDBITS > 16
#  define SEED_C1   1000003
#  define SEED_C4   73819
#else
#  define SEED_C1   25747
#  define SEED_C4   20639
#endif

#define   SEED_C2   3
#define   SEED_C3   269
#define   SEED_C5   26107

#ifndef PERL_NO_DEV_RANDOM
    int fd;
#endif

    U32 u;

#ifdef VMS
#  include <starlet.h>
    /* when[] = (low 32 bits, high 32 bits) of time since epoch
     * in 100-ns units, typically incremented ever 10 ms.        */
    unsigned int when[2];
#else
#  ifdef HAS_GETTIMEOFDAY
    struct timeval when;
#  else
    Time_t when;
#  endif
#endif

/* This test is an escape hatch, this symbol isn't set by Configure. */
#ifndef PERL_NO_DEV_RANDOM
#    ifndef PERL_RANDOM_DEVICE
         /* /dev/random isn't used by default because reads from it will block
          * if there isn't enough entropy available.  You can compile with
          * PERL_RANDOM_DEVICE to it if you'd prefer Perl to block until there
          * is enough real entropy to fill the seed. */
#        define PERL_RANDOM_DEVICE "/dev/urandom"
#    endif
    fd = PerlLIO_open(PERL_RANDOM_DEVICE, 0);
    if (fd != -1) {
        if (PerlLIO_read(fd, (void*)&u, sizeof u) != sizeof u)
            u = 0;
        PerlLIO_close(fd);
        if (u)
            return u;
    }
#endif

#ifdef VMS
    _ckvmssts(sys$gettim(when));
    u = (U32)SEED_C1 * when[0] + (U32)SEED_C2 * when[1];
#else
#  ifdef HAS_GETTIMEOFDAY
    PerlProc_gettimeofday(&when,NULL);
    u = (U32)SEED_C1 * when.tv_sec + (U32)SEED_C2 * when.tv_usec;
#  else
    (void)time(&when);
    u = (U32)SEED_C1 * when;
#  endif
#endif

    u += SEED_C3 * (U32)PerlProc_getpid();
    u += SEED_C4 * (U32)PTR2UV(PL_stack_sp);

#ifndef PLAN9           /* XXX Plan9 assembler chokes on this; fix needed  */
    u += SEED_C5 * (U32)PTR2UV(&when);
#endif

    return u;
}
```
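The comment in `Perl_seed` asks for a mix that "spreads the effect of every input bit onto every output bit". The following added example (not part of the posts above or of the Perl source) measures how far the time/pid fallback arithmetic falls short of that. The names `seed_in`, `fallback_seed`, `next` and `usec_avalanche` are hypothetical, and the input values are constructed, not read from a real process.

```c
#include <stdint.h>
#include <stdio.h>

/* Multipliers from the RANDBITS > 16 branch of the quoted Perl_seed. */
#define SEED_C1 1000003u
#define SEED_C2 3u
#define SEED_C3 269u
#define SEED_C4 73819u
#define SEED_C5 26107u

/* Hypothetical stand-ins for the five values the fallback path reads. */
typedef struct { uint32_t sec, usec, pid, sp, when_addr; } seed_in;

/* Same arithmetic as the HAS_GETTIMEOFDAY fallback, on explicit inputs. */
static uint32_t fallback_seed(seed_in s) {
    return SEED_C1 * s.sec + SEED_C2 * s.usec + SEED_C3 * s.pid
         + SEED_C4 * s.sp + SEED_C5 * s.when_addr;
}

/* xorshift32: deterministic source for the constructed sample inputs. */
static uint32_t next(uint32_t *x) {
    *x ^= *x << 13; *x ^= *x >> 17; *x ^= *x << 5;
    return *x;
}

/* Flip one bit of tv_usec in n constructed samples. Returns the mean number
 * of seed bits that change (a real hash averages about 16 of 32) and ORs
 * every observed difference into *changed so untouched bits stay 0. */
static double usec_avalanche(int bit, int n, uint32_t *changed) {
    uint32_t x = 0x9E3779B9u, total = 0;
    *changed = 0;
    for (int i = 0; i < n; i++) {
        seed_in a, b;
        a.sec = next(&x); a.usec = next(&x) % 1000000u;
        a.pid = next(&x) % 32768u; a.sp = next(&x); a.when_addr = next(&x);
        b = a; b.usec ^= 1u << bit;
        uint32_t d = fallback_seed(a) ^ fallback_seed(b);
        *changed |= d;
        for (; d; d &= d - 1) total++;   /* count the changed bits */
    }
    return (double)total / n;
}

int main(void) {
    uint32_t changed;
    for (int bit = 0; bit <= 16; bit += 8)
        printf("usec bit %2d: %.2f bits change\n", bit, usec_avalanche(bit, 4096, &changed));
    return 0;
}
```

Because the mix is only multiply-and-add modulo 2^32, flipping input bit k can never change seed bits below k, and on average only a few bits above it move.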