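%% You should probably cite rfc8937 instead of this I-D.
@techreport{irtf-cfrg-randomness-improvements-03,
  author        = {Cremers, Cas and Garratt, Luke and Smyshlyaev, Stanislav V. and Sullivan, Nick and Wood, Christopher A.},
  title         = {Randomness Improvements for Security Protocols},
  type          = {Internet-Draft},
  number        = {draft-irtf-cfrg-randomness-improvements-03},
  institution   = {Internet Engineering Task Force},
  publisher     = {Internet Engineering Task Force},
  year          = 2018,
  month         = oct,
  day           = 21,
  pagetotal     = 9,
  note          = {Work in Progress},
  url           = {https://datatracker.ietf.org/doc/draft-irtf-cfrg-randomness-improvements/03/},
  internal-note = {Draft version 03 of the I-D; the published successor is rfc8937 (see the comment above this entry). Field is ignored by BibTeX/Biber.},
  abstract      = {Randomness is a crucial ingredient for TLS and related security protocols. Weak or predictable {``cryptographically-strong''} pseudorandom number generators (CSPRNGs) can be abused or exploited for malicious purposes. The Dual EC random number backdoor and Debian bugs are relevant examples of this problem. An initial entropy source that seeds a CSPRNG might be weak or broken as well, which can also lead to critical and systemic security problems. This document describes a way for security protocol participants to augment their CSPRNGs using long-term private keys. This improves randomness from broken or otherwise subverted CSPRNGs.},
}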