Peter Bortas wrote:
o The random(), random_string() and random_seed() might be more random
On computers with a hardware pseudo random generator random() can return significantly more random numbers, however, this means that random_seed is a no-op on those machines.
That would mean that it becomes impossible to generate an identical random stream using the same random_seed between different runs or between different architectures.
I'd say it would be prudent to switch to a predictable pseudo-random-sequence as soon as someone has called random_seed() with a non-zero parameter. If random_seed() is not being called, then it does not matter, and faster and more random is better.
With the cryptographic work that has happened over the past year or two I think the road ahead should be to just use /dev/random for random()/random_string() for a slow but secure random source, and deprecate random_see(). If you have any additional requirements like predictable or fast you need to explicitly pick that. I have made a few drafts of this already, but there needs to be an interface class implemented in C to access the _random lfun.