Expand description
Secure Random Number Generation
Provides cryptographically secure random number generation using a ChaCha20-based CSPRNG seeded from hardware entropy sources.
§Design
The CSPRNG uses ChaCha20 in counter mode as the core PRG:
- 256-bit key derived from entropy pool
- 96-bit nonce (fixed per reseed)
- 32-bit counter incremented for each 64-byte block
Entropy sources (via arch::entropy abstraction):
- Hardware RNG (RDRAND on x86_64, if available)
- Timer-jitter entropy (architecture-independent fallback)
Reseeding occurs every RESEED_INTERVAL calls to mix fresh entropy.