mgenmid: do not use raw timestamp

We one-time-pad the timestamp with a random key instead.
This will provide enough entropy to be unique, but not leak the system date.
Even with a bad RNG state it should guarantee uniqueness, however.

man/mgenmid.1

@@ -1,4 +1,4 @@
-.Dd August 1, 2016
+.Dd December 25, 2018
 .Dt MGENMID 1
 .Os
 .Sh NAME
@@ -9,7 +9,7 @@
 .Sh DESCRIPTION
 .Nm
 generates and prints a unique Message-ID.
-The Message-ID consists of an encoded timestamp,
+The Message-ID consists of an encrypted timestamp,
 a random value,
 and a fully qualified domain name.
 .Pp

mgenmid.c

@@ -85,30 +85,35 @@ int main()
 	struct timeval tp;
 	gettimeofday(&tp, (struct timezone *)0);
 
-	uint64_t rnd;
+	uint64_t rnd1, rnd2;
 
 	int rndfd = open("/dev/urandom", O_RDONLY);
 	if (rndfd >= 0) {
-		unsigned char rndb[8];
+		unsigned char rndb[16];
 		if (read(rndfd, rndb, sizeof rndb) != sizeof rndb)
 			goto fallback;
 		close(rndfd);
 
 		int i;
-		for (i = 0, rnd = 0; i < 8; i++)
+		for (i = 0, rnd1 = 0; i < 8; i++)
-			rnd = rnd*256 + rndb[i];
+			rnd1 = rnd1*256 + rndb[i];
+		for (i = 0, rnd2 = 0; i < 8; i++)
+			rnd2 = rnd2*256 + rndb[i+8];
 	} else {
 fallback:
 		srand48(tp.tv_sec ^ tp.tv_usec ^ getpid());
-		rnd = ((uint64_t)lrand48() << 32) + lrand48();
+		rnd1 = ((uint64_t)lrand48() << 32) + lrand48();
+		rnd2 = ((uint64_t)lrand48() << 32) + lrand48();
 	}
 
-	rnd |= (1ULL << 63);  // set highest bit to force full width
+	rnd1 ^= ((uint64_t)tp.tv_sec * 1000000LL + tp.tv_usec);
+	rnd1 |= (1ULL << 63);  // set highest bit to force full width
+	rnd2 |= (1ULL << 63);  // set highest bit to force full width
 
 	putchar('<');
-	printb36(((uint64_t)tp.tv_sec * 1000000LL + tp.tv_usec));
+	printb36(rnd1);
 	putchar('.');
-	printb36(rnd);
+	printb36(rnd2);
 	putchar('@');
 	fputs(host, stdout);
 	putchar('>');