Any secret token that allows someone to access a resource or perform an action should be generated with a secure random number generator. Perl’s built-in rand function is not suitable for this: it is seeded by only 32 bits (4 bytes), and the output can be predicted easily.
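
The contrast described above, as an added example that is not code from this post or from the guide it announces: a token built from rand beside one read from the operating system's generator. The function names are constructed for illustration, and the hardened version assumes a Unix-like system that provides /dev/urandom.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example; weak_token and secure_token are hypothetical names.

# WEAK: every character comes from rand(), so the whole token is a
# pure function of the small seed that rand() was started with.
sub weak_token {
    my ($len) = @_;
    my @chars = ('a' .. 'z', 'A' .. 'Z', 0 .. 9);
    return join '', map { $chars[ int rand @chars ] } 1 .. $len;
}

# HARDENED: read bytes from the kernel generator and hex-encode them.
# Assumes /dev/urandom exists; fails loudly instead of falling back.
sub secure_token {
    my ($nbytes) = @_;
    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";
    my $buf = '';
    while (length($buf) < $nbytes) {
        # Append at the current end of $buf until we have enough bytes.
        my $got = read($fh, $buf, $nbytes - length($buf), length($buf));
        die "read from /dev/urandom failed: $!" unless defined $got;
        die "unexpected EOF on /dev/urandom" if $got == 0;
    }
    close $fh;
    return unpack 'H*', $buf;
}

# Re-using a seed reproduces the "secret" exactly, which is why a
# seed space this small makes rand()-based tokens guessable.
srand(12345);
my $first = weak_token(32);
srand(12345);
my $second = weak_token(32);
print "weak tokens repeat under the same seed: ",
    ($first eq $second ? "yes" : "no"), "\n";

# Two independent draws of 16 bytes (128 bits) from the kernel.
my ($x, $y) = (secure_token(16), secure_token(16));
printf "secure token, %d hex chars: %s\n", length $x, $x;
print "secure tokens differ: ", ($x ne $y ? "yes" : "no"), "\n";
```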

There are many modules on CPAN with random number generators. Which ones should you use?

We have added a CPAN Author’s Guide to Random Data for Security. This recommends a few modules that are generally portable, easy to use and have good defaults.