zeromq / libzmq

ZeroMQ core engine in C++, implements ZMTP/3.1

Home Page: https://www.zeromq.org

zmq::seed_random() is never called

axelriet opened this issue

zmq::generate_random() is called from many places but zmq::seed_random() is never called, meaning zmq::generate_random() calls an unseeded rand() and probably generates the same pseudo-random sequence every time. This may have an impact, for example, on the ws:// protocol. Moreover, using now() + pid is a poor seed (if zmq::seed_random() is ever called) - should use rand_s() as seed in zmq::seed_random(), or empty zmq::seed_random() and only use rand_s() in zmq::generate_random().

rand_s() incidentally returns a uint32_t, which would avoid the current gymnastics consisting of calling rand() twice. Also the mere existence of zmq::seed_random()/zmq::generate_random() could be construed as an attempt to get better numbers than rand() - otherwise why not just call rand()? - therefore the second option, no-op zmq::seed_random() and use rand_s() in zmq::generate_random(), makes sense.

On platforms where rand_s isn't available, maybe use libsodium if configured, at least for the seed, and make sure zmq::seed_random() is called once.
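
The behaviour the issue describes, as an added example that is not part of the original issue or of libzmq's code: a rand()-based generator that is never seeded returns the same first value on every process start, while a draw from the OS generator does not. The function names are hypothetical, and reading /dev/urandom on non-Windows platforms is an assumption made here (the issue suggests libsodium for those platforms).

```c
#ifdef _WIN32
#define _CRT_RAND_S /* must be defined before <stdlib.h> to expose rand_s() */
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of the rand()-based generator the issue describes:
   two rand() calls combined into one 32-bit value. */
static uint32_t weak_generate_random(void)
{
    uint32_t low = (uint32_t) rand();
    uint32_t high = (uint32_t) rand();
    return (high << 16) ^ low;
}

/* Models a fresh process: the C standard makes rand() without a prior
   srand() behave exactly as if srand(1) had been called. */
static uint32_t first_value_after_start(void)
{
    srand(1);
    return weak_generate_random();
}

/* Hypothetical replacement: one 32-bit draw from the OS generator.
   Returns 0 on success, -1 on failure; it never falls back to rand(). */
static int os_generate_random(uint32_t *out)
{
#ifdef _WIN32
    unsigned int v;
    if (rand_s(&v) != 0)
        return -1;
    *out = (uint32_t) v;
    return 0;
#else
    FILE *f = fopen("/dev/urandom", "rb"); /* assumption: POSIX-like host */
    if (f == NULL)
        return -1;
    size_t n = fread(out, sizeof *out, 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
#endif
}

int main(void)
{
    uint32_t r = 0;
    printf("rand()-based, start 1: %08x\n", (unsigned) first_value_after_start());
    printf("rand()-based, start 2: %08x\n", (unsigned) first_value_after_start());
    if (os_generate_random(&r) != 0)
        return 1;
    printf("OS generator:          %08x\n", (unsigned) r);
    return 0;
}
```

The error return matters: a caller that ignores it and uses the output buffer anyway is back to a predictable value.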