Simplify the recommended alternatives to rand()

[robrwo]

The CPAN Security Group (CPANSec) is currently working on guides to generating security-quality random data. We are focusing on modules that have secure defaults and are fairly lightweight.

We would like to change the recommended modules to ones that we think are better options.

Crypt::URandom has fewer prerequisites than Crypt::Random, and works with Windows. (Older versions were pure-Perl.)

Crypt::PRNG has secure defaults and methods for generating different kinds of random data.

Math::Random::Secure has a lot of prerequisites and in the end is just relying on /dev/urandom, like Crypt::URandom does.

Math::TrulyRandom is from 1996, and it's unclear how well that technique will work on modern systems, especially VMs and containers.

Data::Entropy has recently updated to fix security issues, and has been marked as deprecated.

[jkeenan]

We will need to get this p.r. to pass t/porting/podcheck.t before we can proceed further.

[robrwo]

We will need to get this p.r. to pass t/porting/podcheck.t before we can proceed further.

The podchecker utility installed with Perl says it's ok.

When I run it I get a compilation error that seems to have nothing to do with my change:

porting/podcheck.t .. Can't locate Carp.pm in @inc (you may need to install the Carp module) (@inc entries checked: ../lib) at porting/podcheck.t line 17.
BEGIN failed--compilation aborted at porting/podcheck.t line 17.

[Grinnz]

The failure is noted in the github actions run, it is because the pod checker must be told about the new non-core modules you are linking to:

#   "Apparent broken link"
#     to "Crypt::URandom" near line 6672 of pod/perlfunc.pod
#     to "Crypt::PRNG" near line 6674 of pod/perlfunc.pod
# See end of this test output for your options on silencing this
# 
# HOW TO GET porting/podcheck.t TO PASS
# 
# There was 1 file that had new potential problems identified.
# Some of them may be real, and some of them may be false positives because
# this program isn't as smart as it likes to think it is.  You can teach this
# program to ignore the issues it has identified, and hence pass, by doing the
# following:
# 
# 1) If a problem is about a link to an unknown module or man page that
#    you know exists, re-run the command something like:
#       ./perl -I../lib porting/podcheck.t --add-link { MODULE | man_page ... }

[robrwo]

I've updated it, and also updated other references to Math::TrulyRandom.

[robrwo]

The only failing tests are cygwin, which I think has nothing to do with the POD changes.

[jkeenan]

perlfaq is maintained upstream on CPAN. So changes to its text should first be submitted to that distribution's issue tracker.

[robrwo]

perlfaq is maintained upstream on CPAN. So changes to its text should first be submitted to that distribution's issue tracker.

Ok. perl-doc-cats/perlfaq#143

[jkeenan]

I'm now satisfied with the structure of the pull request. I don't know enough about rand() to comment on the content.

[robrwo]

perlfaq is maintained upstream on CPAN. So changes to its text should first be submitted to that distribution's issue tracker.

Ok. perl-doc-cats/perlfaq#143

This has been merged.

[khwilliamson]

@robrwo Please do cd t; ./perl -I../lib porting/podcheck.t --regen and commit the changes, and repush