>In any case, as far as I can tell, the information you were given was
>either misled or misleading.  Perhaps he was trying to justify the
>adding of a new not-cryptographically-strong-but-okay random number API
>when it wasn't really necessary?

	at least i need a not-cryptographically-strong-but-okay random number,
	for IPsec ESP IV generation and updates.  I can use strong random
	number, but based on the amount of random number grabbed, i want to
	use something that does not chew entropy too much.
	(i may be able to reuse the last IV value from the previous ESP packet,
	but not sure if i should do that)

itojun