Not to beat a dead horse, but: reading over the source of Data::Random, I am frankly shocked that Crypt::DSA even includes support for it. At its core, Data::Random is just a huge wrapper providing functionality around rand() - but that is in no way intended for cryptographic use. In fact, perldoc even says right in the rand function description: "rand() is not cryptographically secure. You should not rely on it in security-sensitive situations."
If we absolutely need an alternative /dev/random, perldoc recommends another few possibilities, but CPRNGs are a significantly hard problem, and I'd always recommend using something that is studied a lot more than a perl module which is studied significantly less. Crypt::Random::Secure could be used instead, or perhaps Math::TrulyRandom, though neither of them have received anywhere as much scruitiny as /dev/random. Long story short, I would recommend that we simply refuse to install the package where /dev/random is missing, and provide upstream with patches to remove the ability to use Data::Random. Best, Harlan Lieberman-Berg -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

