Newsgroups: perl.perl5.porters Path: csiph.com!weretis.net!feeder8.news.weretis.net!fu-berlin.de!bofh.it!nntp.perl.org Xref: csiph.com perl.perl5.porters:99821 Return-Path: Mailing-List: contact perl5-porters-help@perl.org; run by ezmlm Delivered-To: mailing list perl5-porters@perl.org Received: (qmail 15772 invoked from network); 24 Jan 2026 03:30:43 -0000 Received: from xx1.develooper.com (147.75.38.233) by x6.develooper.com with SMTP; 24 Jan 2026 03:30:43 -0000 Received: from inbound-egress-7.mailchannels.net (inbound-egress-7.mailchannels.net [23.83.220.5]) by xx1.develooper.com (Postfix) with ESMTP id F01197C1B1 for ; Fri, 23 Jan 2026 19:30:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; d=mailchannels.net; s=arc-2022; cv=none; t=1769225441; b=u76wSirOSAVwWdzzoPiGmU3QJSpVFbB8OVbaaU3w2PTbZoZzOHfWDuH8RM9qWwi4JmTbPU erdnWVM5wH9oz1NvXW1vrl0f4JsyGONoLzfcaWHszMHFLrKDzkZ6Y/5A7Zd7c6WzwBgmF7 b84fX62dgUOvjSrxKDdJVklWtiltvsmxqgV24+s6hKnvY8xOITZCS52KGIcYuBrRygVYMZ IuxY5DALT2BTIiRV/2nhQ+i2jBkMbsPQN2R8pVMlohm8AChbt/AgPsMW4ZzLdCKlz6thLq nDXuFxaOG23zaG0agcBecGjRHej9kWQqibBXu/VtTWbIknA+uy+pr4KCrp//Rg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1769225441; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=rocqYkaXfBGqnFDPM+b6JOlVe3HzvMkGnKN/MCAPbaQ=; b=hp0QATrnDaLNAlFlFLW7TTZkQUdxMgujzPkBmvlCz7o1go9MpRc8cKqwKLdHZjsK9MU4Gj 8ra7Lr/DlgJdnIBnISRNahvw2tkgU78GIELJAJ5bS/G5cU6+zMU6X704OeB2+pjgduf7V4 HQhepPE5sswWAjn+xmAdBBGO7uBGktuC1RoL1GXALYMOTycmQ/chCTV1izNtSrYb5BY1ZP subGhzZz7ooj+5WnUa5Ekac16shK1mu7X80uERip3QIa2YaX8n3ghb7s0Y4Mkr07H3xt12 hJaiDm9ttNB1ZdWr2gj/HsgYdOTAQjSEg0AYZCScAdJ5oybIDUdEZiZmnLy3vw== ARC-Authentication-Results: i=1; inbound-rspamd-d7bfdcbd8-rw7kv; none X-Message-ID: PNM5OTc0ffl2lqETWYaGTHKk Received: from four.baremetal.com (four.baremetal.com [67.223.102.125]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.117.59.161 (trex/7.1.3); Sat, 24 Jan 2026 03:30:41 +0000 Authentication-Results: inbound.mailchannels.net; spf=pass smtp.mailfrom=darren@darrenduncan.net; dkim=pass header.d=darrenduncan.net; dmarc=pass (policy=none; pct=100; status=pass); arc=none Received-SPF: pass (dmarc-service-6ccc8c884f-h7wbd: domain of darrenduncan.net designates 67.223.102.125 as permitted sender) client-ip=67.223.102.125; envelope-from=darren@darrenduncan.net; helo=four.baremetal.com; DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=darrenduncan.net; h= message-id:date:mime-version:subject:to:references:from :in-reply-to:content-type:content-transfer-encoding; s= 2024062918; bh=Ke6aq9DvRzLOdwC20slHc9XQij4=; b=Ez5NqO/sSIJxbtZ0z I5twKvxfmlrjxby4BaFS/xIM9wbH6PepQW9ykQuR783ZqznezsjoJI6c42mszW26 FNN0LMiR8YkiEOJ0gSIGQtY8kZtIS39JGpfp9W9UtkTBE/nbEPo1yn5Ui/NG39OD mLvt1pBrRIlo7/n84TA0HpBy9Q= Received: from [192.168.1.67] (d108-172-10-186.bchsia.telus.net [108.172.10.186]) by four.baremetal.com (Postfix) with ESMTP id 0ACF940C474F for ; Fri, 23 Jan 2026 19:30:39 -0800 (PST) Message-ID: <2b77a5db-96c1-4f28-82e8-a19f86ffe41f@darrenduncan.net> Date: Fri, 23 Jan 2026 19:30:39 -0800 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Should we upgrade to a new PRNG in core? To: Perl5 Porters References: Content-Language: en-CA In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Approved: news@nntp.perl.org From: darren@darrenduncan.net (Darren Duncan) Assuming that the reason to change the PRNG is better security or similar benefits, I feel that it would be good for Perl to have the most secure option by default so users who don't know better get the benefits. The main reason I would see to not make the change is if it would be a breaking change where it should not be breaking. -- Darren Duncan On 2026-01-23 2:02 p.m., Scott Baker wrote: > Esteemed p5p: > > Almost two years ago I brought up perl.perl5.porters/2024/11/msg269037.html> upgrading *rand()* in core to use a > more modern PRNG. There was much lively discussion and many opinions were > shared. Ultimately it resulted in me writing Random::Simple metacpan.org/pod/Random::Simple> as a drop in replacement to upgrade *rand()* > and *srand()*. At the time there were questions about whether we could or should > upgrade the PRNG. After much hacking and learning Perl core I have a working PR > that proves it's actually pretty easy > to upgrade the PRNG. Whoever designed things back in the day made the PRNG > configurable in Configure, so really all it took was some new functions and to > point Configure at them instead of drand48(). This PR includes two PRNGs as > options to show how simple it is to switch between them using Configure. > > This PR *is not merge ready* yet, it's more proof-of-concept that we *could > *upgrade the PRNG without any major breakage. > > Ultimately the question becomes: Knowing the limitations of drand48() do we want > to upgrade the PRNG in core? Or is it "good enough" and users that want > something better are free to use CPAN. > > > Completed items > > * Modern PRNG implementation (PCG64) > * Detailed instructions for future devs on how to change/upgrade the PRNG > * Updated unit tests > * Verify |srand()| functionality works as expected > * Verify the new |rand()| outputs the full 53 bit state capable from a double > (drand48 could only do 48 bits) > o |./perl -I lib -E 'for (1..5) { printf("%064b\n", rand() * 2**64-1); }'| > > > TODO > > * |prng.h| does not seem to be rebuilt consistently after changes. Do I need > to add this new file to build system? > * Bikeshed on what the best PRNG is in 2026 > * |make regen| puts the functions prototypes in a weird location "Used in > locale.c and perl.c" > * Add an option to get a random integer? |rand64()|? > > > Alternate options > > * We don't do anything. |rand()| is "good enough" > * Point users at CPAN. |Random::Simple| is a drop-in replacement for |rand()| > and |srand()| already > > -- Scottchiefbaker >