perl-Session-Token - Secure, efficient, simple random session token generation

Property Value
Distribution ALT Linux Sisyphus
Repository Autoimports x86_64
Package filename perl-Session-Token-1.503-alt4.1.x86_64.rpm
Package name perl-Session-Token
Package version 1.503
Package release alt4.1
Package architecture x86_64
Package type rpm
Category Development/Perl
Homepage -
License -
Maintainer -
Download size 70.96 KB
Installed size 70.96 KB
This module provides a secure, efficient, and simple interface for creating session tokens, password reset codes, temporary passwords, random identifiers, and anything else you can think of.
When a Session::Token object is created, 1024 bytes are read from `/dev/urandom' (Linux, Solaris, most BSDs), `/dev/arandom' (some older BSDs), or Crypt::Random::Source::Strong::Win32 (Windows). These bytes are used to seed the ISAAC-32 pseudo random number generator.
Once a generator is created, you can repeatedly call the `get' method on the generator object and it will return a new token each time.
IMPORTANT: If your application calls `fork', make sure that any generators are re-created in one of the processes after the fork, since forking duplicates the generator state and both parent and child processes will go on to produce identical tokens (just like perl's `rand' after it is seeded).
After the generator context is created, no system calls are used to generate tokens. This is one way that Session::Token helps with efficiency. However, this is only important for certain use cases (generally not web sessions).
ISAAC is a cryptographically secure PRNG that improves on the well-known RC4 algorithm in some important areas. For instance, it doesn't have short cycles or initial bias like RC4 does. A theoretical shortest possible cycle in ISAAC is `2**40', although no cycles this short have ever been found (and probably don't exist at all). On average, ISAAC cycles are `2**8295'.
Creators of server applications must choose whether a single generator will be kept around and used to generate all tokens, or if a new Session::Token object will be created every time a token is needed.
Generally speaking the generator should be kept around and re-used. Probably the most important reason for this is that generating a new token from an existing generator cannot fail due to a full file descriptor table. Creating a new Session::Token object for every token can fail because the constructor opens `/dev/urandom' which will not succeed if all allotted descriptors are in use. Programs that re-use the generator are also more efficient and are less likely to cause problems in `chroot'ed environments where `/dev/urandom' can no longer be opened.
However, re-using a generator may be undesirable because servers are typically started immediately after a system reboot, and the kernel's randomness pool might be poorly seeded at that point, meaning that all subsequently generated tokens may be based on a weak/predictable seed. For this reason, you might choose to defer creating the generator until the first request actually comes in and/or periodically re-create the generator object.
Aside: Some crappy (usually C) programs that assume opening `/dev/urandom' will always succeed can return session tokens based only on the contents of nulled or uninitialised memory (unix really ought to provide a system call for random data). Session::Token throws an exception if it can't seed itself.
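The fork warning and the advice to defer generator creation, combined in one sketch. This is an added example, not code from the module or its documentation; the helper names token_generator and new_token are hypothetical, and only Session::Token->new and the `get' method come from the module.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Session::Token;

# One generator per process, created lazily and tagged with the PID
# that seeded it.
my ($generator, $generator_pid);

sub token_generator {
    # Create on first use (deferred seeding) and again whenever the PID
    # has changed, so a forked child never continues from a copy of the
    # parent's ISAAC state.
    if (!defined $generator || $generator_pid != $$) {
        # new() dies if it cannot seed itself; let that propagate
        # instead of falling back to a weaker source.
        $generator     = Session::Token->new;
        $generator_pid = $$;
    }
    return $generator;
}

sub new_token { return token_generator()->get }

new_token();    # the generator now exists in the parent

pipe(my $reader, my $writer) or die "pipe: $!";
my $pid = fork();
die "fork: $!" unless defined $pid;

if ($pid == 0) {
    # Child: the PID check forces a freshly seeded generator here.
    close $reader;
    print {$writer} new_token(), "\n";
    close $writer;
    exit 0;
}

close $writer;
chomp(my $child_token = <$reader>);
close $reader;
waitpid($pid, 0);

# Parent keeps using its original generator.
my $parent_token = new_token();
print "parent: $parent_token\nchild:  $child_token\n";
die "duplicate token across fork\n" if $parent_token eq $child_token;
```

Without the PID comparison in token_generator, the parent and child would each draw the next output from the same copied state and print the same token.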


Package Version Architecture Repository
perl-Session-Token-1.503-alt4.1.i586.rpm 1.503 i586 Autoimports
perl-Session-Token - - -


Name Value
/usr/lib64/perl5 - - - - - -
perl( -
perl( -
rpmlib(PayloadIsLzma) -
rpmlib(SetVersions) -
rtld(GNU_HASH) -


Name Value
perl(Session/ = 1.503
perl-Session-Token = 1.503-alt4.1


Type URL
Binary Package perl-Session-Token-1.503-alt4.1.x86_64.rpm
Source Package perl-Session-Token-1.503-alt4.1.src.rpm

Install Howto

  1. Add the following line to /etc/apt/sources.list:
    rpm [Sisyphus] x86_64 autoimports
    rpm [Sisyphus] noarch autoimports
  2. Update the package index:
    # sudo apt-get update
  3. Install perl-Session-Token rpm package:
    # sudo apt-get install perl-Session-Token



See Also

Package Description
perl-Set-IntSpan-Fast-XS-0.05-alt4.1.x86_64.rpm Faster Set::IntSpan::Fast
perl-Set-IntervalTree-0.12-alt1.1.x86_64.rpm Perform range-based lookups on sets of ranges
perl-Set-Product-XS-0.06-alt1.x86_64.rpm speed up Set::Product
perl-SetDualVar-1.0-alt4.1.x86_64.rpm perl module SetDualVar
perl-ShiftJIS-CP932-MapUTF-1.03-alt4.1.x86_64.rpm transcode between Microsoft CP932 and Unicode
perl-ShiftJIS-String-1.11-alt4.1.x86_64.rpm functions to manipulate Shift-JIS strings
perl-ShiftJIS-X0213-MapUTF-0.40-alt4.1.x86_64.rpm conversion between Shift_JIS-2004/Shift_JISX0213 and Unicode
perl-Signal-Pipe-0.001-alt1.x86_64.rpm Self pipes for signal handling
perl-Signal-Safety-0.002-alt4.1.x86_64.rpm Enable or disable safe signal handling
perl-Signal-Unsafe-0.006-alt3.1.x86_64.rpm Unsafe signal handlers made convenient
perl-Simulation-Automate-1.0.1-alt4.1.x86_64.rpm A Simulation Automation Tool
perl-Simulation-Automate-scripts-1.0.1-alt4.1.x86_64.rpm Simulation-Automate scripts
perl-SkewHeap-0.05-alt1.1.x86_64.rpm A fast heap structure for Perl
perl-Slauth-Register-Mailman-0.01-alt4.1.x86_64.rpm Slauth module for user self-registration from Mailman list data
perl-Smart-Match-0.008-alt3.1.x86_64.rpm Smart matching utilities