On Fri, Nov 19, 2021 at 1:09 PM Jason McKesson via Std-Proposals <std-proposals@lists.isocpp.org> wrote:

> I get the idea that calling `random_device` 624 times for 32-bits at a
> time is not necessarily a good idea. But maybe we should be teaching
> people not to use RNGs that have 624-integer seeds instead of making
> it harder for people to use RNGs with more reasonable seed sizes.

+1, obviously. :)

> Or we could split the difference by allowing the user to provide an
> integer number for the maximum number of values to extract from
> `random_device`. Maybe even make providing the integer mandatory.

The operation of "specifying a number of bits to take from random_device, and then 'key-stretching' those into a larger seed value suitable for MT19937," sounds like a perfect job for... a PRNG. ;)

// Consume a lot of randomness from the OS to seed mt19937
auto g = nonstd::mt19937(std::random_device{});

// Consume only 256 bits of randomness from the OS to seed xoshiro256ss;
// then consume a lot of pseudo-randomness from xoshiro256ss to seed mt19937 
auto g = nonstd::mt19937(nonstd::xoshiro256ss(std::random_device{}));
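
The second snippet's idea, written against the real `std::mt19937`, as an added example that is not part of the original message. The names `Xoshiro256ss`, `GeneratorSeedSeq`, `stretch_seed` and `make_stretched_mt19937` are hypothetical, and the adapter assumes the engine's seed-sequence constructor uses only `result_type` and `generate()`.

```cpp
#include <array>
#include <cstdint>
#include <random>

// Hypothetical names throughout; none come from the thread or from <random>.
struct Xoshiro256ss {  // xoshiro256** (Blackman and Vigna), 256-bit state
    std::array<std::uint64_t, 4> s;
    static std::uint64_t rotl(std::uint64_t x, int k) { return (x << k) | (x >> (64 - k)); }
    std::uint64_t operator()() {
        const std::uint64_t result = rotl(s[1] * 5, 7) * 9;
        const std::uint64_t t = s[1] << 17;
        s[2] ^= s[0]; s[3] ^= s[1]; s[1] ^= s[2]; s[0] ^= s[3];
        s[2] ^= t;
        s[3] = rotl(s[3], 45);
        return result;
    }
};

// Presents a generator as a seed sequence. Assumption: the engine only uses
// result_type and generate(), so size() and param() are omitted.
struct GeneratorSeedSeq {
    using result_type = std::uint_least32_t;
    Xoshiro256ss& gen;
    template <class It> void generate(It first, It last) {
        for (; first != last; ++first)
            *first = static_cast<result_type>(gen() >> 32);  // high 32 bits
    }
};

// Stretch a 256-bit key into the full 624-word mt19937 state.
// The result still has at most 256 bits of seed entropy.
std::mt19937 stretch_seed(std::array<std::uint64_t, 4> key) {
    // All-zero is a fixed point of xoshiro: it would emit only zeros.
    if ((key[0] | key[1] | key[2] | key[3]) == 0) key[0] = 0x9E3779B97F4A7C15ULL;
    Xoshiro256ss gen{key};
    GeneratorSeedSeq seq{gen};
    return std::mt19937(seq);
}

// Eight 32-bit draws from the OS instead of 624.
std::mt19937 make_stretched_mt19937() {
    std::random_device rd;
    std::array<std::uint64_t, 4> key;
    for (auto& word : key)
        word = (static_cast<std::uint64_t>(rd()) << 32) | rd();
    return stretch_seed(key);
}
```

Neither generator is cryptographically secure, so this shapes the seeding cost only; it does not make the output suitable for keys or tokens.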