While reviewing the "APR-util UUID generator broken" thread, I noticed the following code:
- get_system_time(&time_now); + time_now = apr_time_now(); srand((unsigned int)(((time_now >> 32) ^ time_now) & 0xffffffff)); return rand() & 0x0FFFF; Regardless of how time_now is determined, the application may be using the srand/rand mechanism itself. It seems inappropriate for a library to stomp on the seed. I know there is PRNG code in modern APR; can this code be fixed to use it, instead of the (often broken, non-thread-safe, global-state-using) libc PRNG? Or we could just pull bits from /dev/urandom or a suitable alternative on Windows, if we had an interface to do so. (For some odd reason, APR doesn't provide such an interface, unless it has changed recently.)
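Review bot: the srand() call kept after the changed line reseeds the process-wide libc generator each time this code runs, so with apr_time_now() as the source the seed is still a function of the clock alone and it overwrites any seed the calling application has set. Take the 16 bits from a source that keeps its own state (the APR PRNG code or an OS entropy device, as the message suggests) and drop the srand()/rand() pair.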
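The concern in the message above, as an added example that is not part of the original post or of APR's code: an application seeds rand(), a library routine runs in between, and the application's next draw is compared for the srand()-based pattern and for a /dev/urandom read. All function names are hypothetical, the timestamp is constructed, and the time is passed as a parameter so the effect is reproducible.

```c
#include <stdio.h>
#include <stdlib.h>

/* Seed derivation from the quoted code; all names here are hypothetical. */
static unsigned int fold_time(long long t)
{
    return (unsigned int)(((t >> 32) ^ t) & 0xffffffff);
}

/* Quoted pattern: reseed the process-wide libc PRNG, then take 16 bits.
 * The time is a parameter (assumption) so the effect is reproducible. */
int lib_rand16_srand(long long time_now)
{
    srand(fold_time(time_now));
    return rand() & 0x0FFFF;
}

/* Alternative: 16 bits from /dev/urandom; returns 0, or -1 on read failure. */
int lib_rand16_urandom(unsigned int *out)
{
    unsigned char buf[2];
    FILE *f = fopen("/dev/urandom", "rb");
    size_t n = f ? fread(buf, 1, sizeof buf, f) : 0;
    if (f)
        fclose(f);
    if (n != sizeof buf)
        return -1;
    *out = ((unsigned int)buf[0] << 8) | buf[1];
    return 0;
}

/* Application: seed, draw, call the library, return the next draw. */
int app_second_draw(unsigned int seed, int use_srand, long long lib_time)
{
    unsigned int v = 0;
    srand(seed);
    (void)rand();
    if (use_srand)
        (void)lib_rand16_srand(lib_time);
    else
        (void)lib_rand16_urandom(&v);
    return rand();
}

int main(void)
{
    long long t = 1100000000000000LL; /* constructed timestamp */
    printf("urandom variant: %d\n", app_second_draw(42, 0, t));
    printf("srand variant:   %d\n", app_second_draw(42, 1, t));
    return 0;
}
```

With the srand() variant the application's draw is determined by the library's time-derived seed rather than by its own seed of 42; with the /dev/urandom variant it is the value the application would have drawn anyway.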