Security Advisories (2)
CPANSA-Crypt-Random-2024-001

The makerandom program that comes with Crypt::Random adds module search paths in its shebang line, potentially leading to issues with unexpected modules being loaded.

CVE-2025-1828 (2025-03-11)

Crypt::Random Perl package 1.05 through 1.55 may use the rand() function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available, Crypt::Random will default to the insecure Crypt::Random::rand provider. In particular, Windows versions of perl will encounter this issue by default.

Changes for version 1.23

  • Another patch by Michael Schwern to make the File provider faster. Instead of sysread'ing a byte at a time, we read the required number of bytes in one go.

Modules

Cryptographically Secure, True Random Number Generator.

Provides

in lib/Crypt/Random/Generator.pm
in lib/Crypt/Random/Provider/File.pm
in lib/Crypt/Random/Provider/devrandom.pm
in lib/Crypt/Random/Provider/devurandom.pm
in lib/Crypt/Random/Provider/egd.pm
in lib/Crypt/Random/Provider/rand.pm