>Yarrow would be a nice idea, but unfortunately the standards in question
>are quite strict, many people building products with NetBSD are _forced_
>to strictly conform to them, and neither one permits Yarrow.  The X9.31
>generator, perhaps hooked to an API that lets you choose the block cipher
>used, is probably the best bet.

Just a question here ... is someone actually going through or would
go through the trouble of getting a NetBSD random number generator
FIPS 140 certified? Because as I understand it, everyone who requires
that needs it to be certified (I have no idea if any certification
is required for X9.31).

--Ken