Groups | Search | Server Info | Login | Register

Groups > perl.perl5.porters > #99821

Re: Should we upgrade to a new PRNG in core?

Newsgroups perl.perl5.porters
Path csiph.com!weretis.net!feeder8.news.weretis.net!fu-berlin.de!bofh.it!nntp.perl.org
Xref csiph.com perl.perl5.porters:99821
Return-Path <darren@darrenduncan.net>
Mailing-List contact perl5-porters-help@perl.org; run by ezmlm
Delivered-To mailing list perl5-porters@perl.org
Received (qmail 15772 invoked from network); 24 Jan 2026 03:30:43 -0000
Received from xx1.develooper.com (147.75.38.233) by x6.develooper.com with SMTP; 24 Jan 2026 03:30:43 -0000
Received from inbound-egress-7.mailchannels.net (inbound-egress-7.mailchannels.net [23.83.220.5]) by xx1.develooper.com (Postfix) with ESMTP id F01197C1B1 for <perl5-porters@perl.org>; Fri, 23 Jan 2026 19:30:42 -0800 (PST)
ARC-Seal i=1; a=rsa-sha256; d=mailchannels.net; s=arc-2022; cv=none; t=1769225441; b=u76wSirOSAVwWdzzoPiGmU3QJSpVFbB8OVbaaU3w2PTbZoZzOHfWDuH8RM9qWwi4JmTbPU erdnWVM5wH9oz1NvXW1vrl0f4JsyGONoLzfcaWHszMHFLrKDzkZ6Y/5A7Zd7c6WzwBgmF7 b84fX62dgUOvjSrxKDdJVklWtiltvsmxqgV24+s6hKnvY8xOITZCS52KGIcYuBrRygVYMZ IuxY5DALT2BTIiRV/2nhQ+i2jBkMbsPQN2R8pVMlohm8AChbt/AgPsMW4ZzLdCKlz6thLq nDXuFxaOG23zaG0agcBecGjRHej9kWQqibBXu/VtTWbIknA+uy+pr4KCrp//Rg==
ARC-Message-Signature i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1769225441; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=rocqYkaXfBGqnFDPM+b6JOlVe3HzvMkGnKN/MCAPbaQ=; b=hp0QATrnDaLNAlFlFLW7TTZkQUdxMgujzPkBmvlCz7o1go9MpRc8cKqwKLdHZjsK9MU4Gj 8ra7Lr/DlgJdnIBnISRNahvw2tkgU78GIELJAJ5bS/G5cU6+zMU6X704OeB2+pjgduf7V4 HQhepPE5sswWAjn+xmAdBBGO7uBGktuC1RoL1GXALYMOTycmQ/chCTV1izNtSrYb5BY1ZP subGhzZz7ooj+5WnUa5Ekac16shK1mu7X80uERip3QIa2YaX8n3ghb7s0Y4Mkr07H3xt12 hJaiDm9ttNB1ZdWr2gj/HsgYdOTAQjSEg0AYZCScAdJ5oybIDUdEZiZmnLy3vw==
ARC-Authentication-Results i=1; inbound-rspamd-d7bfdcbd8-rw7kv; none
X-Message-ID PNM5OTc0ffl2lqETWYaGTHKk
Received from four.baremetal.com (four.baremetal.com [67.223.102.125]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.117.59.161 (trex/7.1.3); Sat, 24 Jan 2026 03:30:41 +0000
Authentication-Results inbound.mailchannels.net; spf=pass smtp.mailfrom=darren@darrenduncan.net; dkim=pass header.d=darrenduncan.net; dmarc=pass (policy=none; pct=100; status=pass); arc=none
Received-SPF pass (dmarc-service-6ccc8c884f-h7wbd: domain of darrenduncan.net designates 67.223.102.125 as permitted sender) client-ip=67.223.102.125; envelope-from=darren@darrenduncan.net; helo=four.baremetal.com;
DKIM-Signature v=1; a=rsa-sha1; c=relaxed; d=darrenduncan.net; h= message-id:date:mime-version:subject:to:references:from :in-reply-to:content-type:content-transfer-encoding; s= 2024062918; bh=Ke6aq9DvRzLOdwC20slHc9XQij4=; b=Ez5NqO/sSIJxbtZ0z I5twKvxfmlrjxby4BaFS/xIM9wbH6PepQW9ykQuR783ZqznezsjoJI6c42mszW26 FNN0LMiR8YkiEOJ0gSIGQtY8kZtIS39JGpfp9W9UtkTBE/nbEPo1yn5Ui/NG39OD mLvt1pBrRIlo7/n84TA0HpBy9Q=
Received from [192.168.1.67] (d108-172-10-186.bchsia.telus.net [108.172.10.186]) by four.baremetal.com (Postfix) with ESMTP id 0ACF940C474F for <perl5-porters@perl.org>; Fri, 23 Jan 2026 19:30:39 -0800 (PST)
Message-ID <2b77a5db-96c1-4f28-82e8-a19f86ffe41f@darrenduncan.net> (permalink)
Date Fri, 23 Jan 2026 19:30:39 -0800
MIME-Version 1.0
User-Agent Mozilla Thunderbird
Subject Re: Should we upgrade to a new PRNG in core?
To Perl5 Porters <perl5-porters@perl.org>
References <e1f40576-0937-4dc3-908c-4c02e44e35a5@perturb.org>
Content-Language en-CA
In-Reply-To <e1f40576-0937-4dc3-908c-4c02e44e35a5@perturb.org>
Content-Type text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding 7bit
Approved news@nntp.perl.org
From darren@darrenduncan.net (Darren Duncan)

Show key headers only | View raw

Assuming that the reason to change the PRNG is better security or similar 
benefits, I feel that it would be good for Perl to have the most secure option 
by default so users who don't know better get the benefits. The main reason I 
would see to not make the change is if it would be a breaking change where it 
should not be breaking. -- Darren Duncan

On 2026-01-23 2:02 p.m., Scott Baker wrote:
> Esteemed p5p:
> 
> Almost two years ago I brought up <https://www.nntp.perl.org/group/ 
> perl.perl5.porters/2024/11/msg269037.html> upgrading *rand()* in core to use a 
> more modern PRNG. There was much lively discussion and many opinions were 
> shared. Ultimately it resulted in me writing Random::Simple <https:// 
> metacpan.org/pod/Random::Simple> as a drop in replacement to upgrade *rand()* 
> and *srand()*. At the time there were questions about whether we could or should 
> upgrade the PRNG. After much hacking and learning Perl core I have a working PR 
> <https://github.com/Perl/perl5/pull/24105> that proves it's actually pretty easy 
> to upgrade the PRNG. Whoever designed things back in the day made the PRNG 
> configurable in Configure, so really all it took was some new functions and to 
> point Configure at them instead of drand48(). This PR includes two PRNGs as 
> options to show how simple it is to switch between them using Configure.
> 
> This PR *is not merge ready* yet, it's more proof-of-concept that we *could 
> *upgrade the PRNG without any major breakage.
> 
> Ultimately the question becomes: Knowing the limitations of drand48() do we want 
> to upgrade the PRNG in core? Or is it "good enough" and users that want 
> something better are free to use CPAN.
> 
> 
>       Completed items
> 
>   * Modern PRNG implementation (PCG64)
>   * Detailed instructions for future devs on how to change/upgrade the PRNG
>   * Updated unit tests
>   * Verify |srand()| functionality works as expected
>   * Verify the new |rand()| outputs the full 53 bit state capable from a double
>     (drand48 could only do 48 bits)
>       o |./perl -I lib -E 'for (1..5) { printf("%064b\n", rand() * 2**64-1); }'|
> 
> 
>       TODO
> 
>   * |prng.h| does not seem to be rebuilt consistently after changes. Do I need
>     to add this new file to build system?
>   * Bikeshed on what the best PRNG is in 2026
>   * |make regen| puts the functions prototypes in a weird location "Used in
>     locale.c and perl.c"
>   * Add an option to get a random integer? |rand64()|?
> 
> 
>       Alternate options
> 
>   * We don't do anything. |rand()| is "good enough"
>   * Point users at CPAN. |Random::Simple| is a drop-in replacement for |rand()|
>     and |srand()| already
> 
> -- Scottchiefbaker
>

Back to perl.perl5.porters | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Should we upgrade to a new PRNG in core? scott@perturb.org (Scott Baker) - 2026-01-23 14:02 -0800
  Re: Should we upgrade to a new PRNG in core? darren@darrenduncan.net (Darren Duncan) - 2026-01-23 19:30 -0800
    Re: Should we upgrade to a new PRNG in core? eagle@eyrie.org (Russ Allbery) - 2026-01-23 19:44 -0800
      Re: Should we upgrade to a new PRNG in core? perl5-porters@perl.org (Aristotle Pagaltzis via perl5-porters) - 2026-01-24 09:34 +0100
        Re: Should we upgrade to a new PRNG in core? eagle@eyrie.org (Russ Allbery) - 2026-01-24 12:20 -0800
          Re: Should we upgrade to a new PRNG in core? scott@perturb.org (Scott Baker) - 2026-01-24 13:56 -0800
  Should we upgrade to a new PRNG in core? dj.p5p@avoiding.work (Diab Jerius) - 2026-02-07 12:03 -0500

csiph-web