https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94087
--- Comment #17 from rguenther at suse dot de <rguenther at suse dot de> ---
On Thu, 14 May 2020, redi at gcc dot gnu.org wrote:

> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94087
>
> --- Comment #14 from Jonathan Wakely <redi at gcc dot gnu.org> ---
> (In reply to Jonathan Wakely from comment #13)
> > I'd rather not have to do everything shown at
> > https://software.intel.com/content/www/us/en/develop/articles/intel-digital-random-number-generator-drng-software-implementation-guide.html
> > to produce a
>
> That was meant to link to section 5.2.6 "Generating Seeds from RDRAND"
> https://software.intel.com/content/www/us/en/develop/articles/intel-digital-random-number-generator-drng-software-implementation-guide.html#inpage-nav-5-7
>
> > stronger seed from RDRAND.
>
> Given that RDRAND is already an acceptable implementation for
> std::random_device, and the standard makes no guarantees about the
> cryptographic strength of values returned from std::random_device, using
> RDRAND directly is a reasonable alternative.

How about falling back to the Mersenne twister? Or does that invoke
too much overhead in the fallback case? At least it is reliably there
and cannot fail.