On Mon, Nov 6, 2017 at 7:49 AM, Peter Dimov via Boost wrote: Paul A. Bristow wrote: I have been following this erudite discussion with interest, but >
ignorance. Without wishing to add even more entropy, may I suggest that adding
more > options is rarely a bad thing, but it creates an even more
bewildering > set of options for the user (for UUID, I fear as ignorant as
I). That is why I'd like the default generator to do the right thing and
doing the wrong thing to be harder and not be presented as an equivalent... ... or more "optimal"... alternative. I'm planning to change random_generator to use the header-only
random_device
based on points made in this discussion:
1. It is more secure.
2. I believe it is the most widely used use case: generating a uuid
relatively infrequently
(i.e. not in bulk).
Therefore it will look something like this:
//
// The default random_generator uses operating-system provided entropy,
// is the most secure, and fastest random uuid generator for creating a
// small number of uuids with a single generator because it does not need
// expensive seeding to be effective like a PseudoRandomNumberGenerator
// does.
//
typedef basic_random_generatordetail::random::random_device
random_generator;
//
// The bulk generator uses a mersenne twister to make random uuid
generation of
// many uuids from a single generator more efficient, at the expense of
security
// and guaranteed randomness.
//
typedef basic_random_generator<mt19937> random_generator_bulk;
This is a breaking change for anyone providing their own mersenne twister
to the
random_generator constructors that take a UniformRandomNumberGenerator.
I expect this would be quite rare, and in that case one could switch to
using _bulk
easily enough.
Please correct me if I misinterpreted anything.
I'll have a PR into my fork for a dry-run through CI later today and I'll
post the link here.
- Jim