Security Advisories (2)
CPANSA-Crypt-Random-2024-001

The makerandom program that comes with Crypt::Random adds module search paths in its shebang line, potentially leading to issues with unexpected modules being loaded

CVE-2025-1828 (2025-03-11)

The Crypt::Random Perl package, versions 1.05 through 1.55, may use the rand() function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and neither /dev/urandom nor an Entropy Gathering Daemon (egd) service is available, Crypt::Random will default to the insecure Crypt::Random::rand provider. In particular, Windows versions of Perl will encounter this issue by default.

Changes for version 1.53

  • Removed a superfluous call to makerandom_itv() thanks to Larry Leszczynski <larryl@emailplus.org>.
  • Improved makerandom_itv test to ensure generated numbers are in the interval.

Modules

Cryptographically Secure, True Random Number Generator.

Provides

in lib/Crypt/Random/Generator.pm
in lib/Crypt/Random/Provider/File.pm
in lib/Crypt/Random/Provider/devrandom.pm
in lib/Crypt/Random/Provider/devurandom.pm
in lib/Crypt/Random/Provider/egd.pm
in lib/Crypt/Random/Provider/rand.pm