Harald Fuchs <hf0722x@protecting.net> writes:
>> Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>>> It might improve matters to make the code do something like
>>>> srandom((unsigned int) (now.tv_sec ^ now.tv_usec));
> I think we don't need the randomness provided by /dev/[u]random. How
> about XORing in getpid?
That sounds like a fine compromise --- it'll ensure a reasonable-size
set of possible seeds, it's at least marginally less predictable than
now.tv_sec, and it's perfectly portable. No one in their right mind
expects random(3) to be cryptographically secure anyway, so doing more
doesn't seem warranted.
The various proposals to create a more-secure, less-portable variant
of random() don't seem appropriate to me for beta. But I'd not object
to someone whipping up a contrib module for 8.1 or beyond.
regards, tom lane
