We either relies on the crypto provider to generate randomness or uses rand::rngs::OsRng for generating randomness. The latter is cryptographically secure but not ideal because it taps into the OS entropy source directly, which might block or return bad entropy when queried too rapidly.

This issue tracks changes to how we handle randomness.