Thanks all!

I was wondering why the author didn't just call rand.
I checked the rest of the source and it's just used as a unique identifier.
So using rand would have been much easier.

> If that were my program, running under any modern perl version, I'd
> exploit the fact that Perl's random number generator can give you 16
> hard-to-predict bits much more easily. This line should be a drop-in
> equivalent that's just as good, from an unpredictability standpoint,
> and significantly faster and more portable:
>
>     my $token = int rand 2**16;
>
> Still, I wouldn't write it that way without seeing more about how
> $token is used further down the code. It might be that you could (or
> even should) use more bits than 16, if it's really important to make
> your token unguessable. But you can't upgrade to 40 bits by simply
> writing this:
>
>     my $token = int rand 2**40;    # won't work
>
> ... because rand only produces a few bits of randomness each time it
> is called. If you want a token with more bits, you can do something
> like this:
>
>     my $bits_of_randomness = 40;
>     my $token = '';
>     while (length($token) < ($bits_of_randomness/4)) {
>         $token .= unpack "H4", pack "S", int rand 2**16;
>     }
>
> Of course, that may require changes to subsequent parts of the code
> that expected $token to be an integer instead of a string, for
> example.
>
> Hope this helps!
>
> --Tom Phoenix
> Stonehenge Perl Training
>
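
Added example, not part of either message: the chunked approach from the quoted reply, trimmed to the exact requested length, next to a variant that reads from the operating system's random device for cases where the token has to be unguessable rather than just unique. The sub names are hypothetical, and `/dev/urandom` assumes a Unix-like system.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: number of hex digits for a bit count (4 bits each).
sub hex_digits {
    my ($bits) = @_;
    die "bits must be a positive multiple of 4\n"
        if $bits !~ /^\d+$/ || $bits == 0 || $bits % 4;
    return $bits / 4;
}

# rand-based token: 16 bits per call, as in the quoted loop, then trimmed
# so that 40 bits yields exactly 10 hex digits instead of 12.
# perlfunc documents rand as not cryptographically secure, so this form
# suits identifiers that only need to be unique.
sub token_from_rand {
    my ($bits) = @_;
    my $digits = hex_digits($bits);
    my $token  = '';
    while (length($token) < $digits) {
        $token .= sprintf '%04x', int(rand(2**16));
    }
    return substr($token, 0, $digits);
}

# Same token shape, drawn from the kernel's random device
# (assumption: /dev/urandom exists, i.e. a Unix-like system).
sub token_from_urandom {
    my ($bits) = @_;
    my $digits = hex_digits($bits);
    my $want   = int(($digits + 1) / 2);    # bytes needed for $digits hex chars
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!\n";
    my $buf = '';
    my $got = read($fh, $buf, $want);
    close($fh);
    die "short read from /dev/urandom\n"
        unless defined $got && $got == $want;
    return substr(unpack('H*', $buf), 0, $digits);
}

# Print one token of each kind for a few sizes.
for my $bits (16, 40, 128) {
    printf "%3d bits  rand: %-32s  urandom: %s\n",
        $bits, token_from_rand($bits), token_from_urandom($bits);
}
```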
