On Sat, Apr 18, 2020 at 12:26:34PM -0500, Derek wrote in
<20200418172634.gi19...@bladeshadow.org>:
Using a standard method for generating IDs is one I would support in
general, as I believe in standards conformance in absentia of a good
reason not to conform. Gowever in this case, it appears the
referenced document never made it past draft status. It could be
because the document itself describes its own flaw, which is the same
flaw I have just explained in another message that the one being
discussed here has:
3.2.2. Using a psuedorandom number generator
One could take 64 bits from a good, well-seeded pseudorandom number
generator [PRNG] in order to significantly increase the uniqueness of
the Message-ID. The advantage of this method is that it is fast and
generally effective. The disadvantage is that in a perfect random
number generation scheme, the possibility of getting the same number
twice in a row is exactly the same probability as getting any two
numbers.
In other words, this scheme does not guarantee uniqueness, and is
therefore broken.
Well, the odds of the same number being selected are about 1 in 2 billion
(on modern day Linux, admittedly), while the odds of winning the jackpot
in the Powerball lottery are about 1 in 292 million. If those odds still
sound too likely to you, realise that for this to be an issue it would
also have to pertain to two emails being sent using mutt on the same
system at the same second in time. I am not too worried about these odds
myself, but if it is an issue, one could also include nanoseconds in the
timestamp part or add another random number.
Platforms with a smaller value for RAND_MAX might need additional
consideration, so that is a good point to keep in mind.
Kind regards,
Remco
