ircmaxell / PHP-CryptLib

A Cryptography Library for PHP

Word to the wise - live sites, high demand

adaddinsane opened this issue

If this library is used in a high traffic site with lots of calls, the "Microtime" random source will cause a hang-up since it initiates garbage collection on every call. Of course it doesn't show up until the traffic reaches a certain point.

Yes, we were that site.

Luckily, being the cautious type, I had a failsafe config switch to revert to the previous method without having to redeploy (it's a big site generating pots of cash, the management don't like taking it down).

The solution is to remove it since there's no way of configuring which sources to use.

@adaddinsane there is 100% a way of configuring which sources to use. Simply construct the object yourself instead of using the factory. If you know your runtime environment and needs (which it sounds like you do), then the factory serves no purpose other than saving a few lines of code.

$generator = new Generator(
    [...sources...],
    new Mixer
);

Additionally, the "hangup" is intentional, as it provides a non-deterministic source of entropy. I can see that being a problem, so perhaps it's worth looking into other ways (or only using that source if no higher source exists or is functional).
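The closing suggestion in the reply above (use the slow source only when no higher source exists or is functional) can be sketched as follows. This is an added example, not code from the thread or from PHP-CryptLib: every interface, class and function name in it is hypothetical, the XOR mixer is a simple stand-in, and PHP 7.4+ is assumed.

```php
<?php
// Added illustration for PHP 7.4+. All names are hypothetical, not PHP-CryptLib classes.
interface EntropySource
{
    public function strength(): int;          // higher means harder to predict
    public function isAvailable(): bool;
    public function generate(int $size): string;
}

final class OsSource implements EntropySource
{
    public function strength(): int { return 3; }
    public function isAvailable(): bool { return function_exists('random_bytes'); }
    public function generate(int $size): string { return random_bytes($size); }
}

// Clock-derived bytes: cheap but guessable, so only a last resort.
final class ClockSource implements EntropySource
{
    public function strength(): int { return 1; }
    public function isAvailable(): bool { return true; }
    public function generate(int $size): string
    {
        $out = '';
        while (strlen($out) < $size) {
            $out .= hash('sha256', microtime() . $out, true);
        }
        return substr($out, 0, $size);
    }
}

// Keep only the strongest tier that is functional on this host.
function selectSources(array $candidates): array
{
    $usable = array_filter($candidates, fn(EntropySource $s) => $s->isAvailable());
    if (!$usable) throw new RuntimeException('no entropy source available');
    $best = max(array_map(fn(EntropySource $s) => $s->strength(), $usable));
    return array_values(array_filter($usable, fn(EntropySource $s) => $s->strength() === $best));
}

// XOR-mix the selected sources' output (a simple stand-in for a real mixer).
function mixedBytes(array $sources, int $size): string
{
    $result = str_repeat("\0", $size);
    foreach ($sources as $source) {
        $result ^= $source->generate($size);
    }
    return $result;
}

$sources = selectSources([new OsSource(), new ClockSource()]);
printf("%d source(s): %s\n", count($sources), bin2hex(mixedBytes($sources, 16)));
```

On a host where `random_bytes` exists, only the OS-backed source is selected and the clock-based one is never called on the request path.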