Subject: Re: kernel ip_randomid() and libc randomid(3) still "broken"
To: Simon Burge <simonb@wasabisystems.com>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: tech-net
Date: 11/25/2003 14:07:48
In message <20031125213731.D518023410@thoreau.thistledown.com.au> Simon Burge writes

>While we throw away up to 3 random numbers each time we ask for a single
>random number, we're always going to have a minimum gap of approximately
>1/3rd the theoretical gap.

It's enough to make you weep. Well, me anyway.

There's an English proverb: ``once bitten, twice shy'', and a similar
US phrase: ``fool me once shame on you. Fool me twice, shame on me''.
OpenBSD code in general, and this code in specific, is well into 
``shame on me'' territory -- at least for me.

Let's ignore, for now, that this code was about to be re-enabled
without applying the existing NetBSD test tool -- a tool which not
only uncovered the original problem, but which would have immediately
uncovered this bug, too.

Can we, instead, declare a moratorium on importing any cryptographic or
PRNG code from OpenBSD, until *after* the code has been reviewed, and
until *after* the code has passed *empirical testing*?
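The shrinking minimum reuse gap Simon describes, as an added empirical-testing example that is neither the NetBSD test tool nor the actual ip_randomid() code: a toy full-period ID generator (assumed stand-in, a shuffled permutation rather than the real LFSR) with an optional "throw away up to N draws per call" loop, and a measurement of the smallest distance between two uses of the same ID.

```python
"""Empirical reuse-gap check for an IP-ID generator (constructed example)."""
import random

PERIOD = 2**16 - 1  # non-zero 16-bit ID space a full-period generator walks


class ToyIdGenerator:
    """Stand-in for a full-period generator: it walks a fixed random
    permutation of 1..PERIOD, so with no discards every ID recurs exactly
    PERIOD calls later. Assumption: a toy, not the OpenBSD/NetBSD LFSR."""

    def __init__(self, seed, max_discard=0):
        rng = random.Random(seed)
        self.cycle = list(range(1, PERIOD + 1))
        rng.shuffle(self.cycle)
        self.pos = 0
        self.max_discard = max_discard
        self.rng = random.Random(seed + 1)

    def next_id(self):
        # The bug under discussion: burning 0..max_discard extra outputs
        # before the one we hand out advances the cycle faster, so the
        # same ID comes back after fewer IDs have actually been issued.
        discarded = self.rng.randint(0, self.max_discard) if self.max_discard else 0
        self.pos = (self.pos + 1 + discarded) % PERIOD
        return self.cycle[self.pos]


def min_reuse_gap(gen, samples):
    """Smallest distance, counted in IDs handed out, between two uses of
    the same ID; None if no ID repeated within `samples` calls."""
    last_seen = {}
    best = None
    for i in range(samples):
        v = gen.next_id()
        if v in last_seen:
            gap = i - last_seen[v]
            best = gap if best is None or gap < best else best
        last_seen[v] = i
    return best


def gap_ratio(max_discard, seed=1, samples=4 * PERIOD):
    """Minimum reuse gap as a fraction of the theoretical period."""
    return min_reuse_gap(ToyIdGenerator(seed, max_discard), samples) / PERIOD


if __name__ == "__main__":
    print("no discards:", gap_ratio(0))      # full period
    print("up to 3 discards:", gap_ratio(3))  # well below the period
```

With no discards the ratio is exactly 1.0; with up to three throwaway draws per call the observed minimum gap drops to a fraction of the period, which is the kind of regression a test tool catches and a code read easily misses.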