I should've changed the Subject: lines before forking the thread.

One additional point:  FIPS 186-2 doesn't include an `entropy pool'.
If we want to keep the entropy pool, we should

   (a) Use a mixing function which is known to be entropy-preserving

   (b) Weight the inserted entropy into the pool by an estimate of
       the *actual* entropy. (See  the earlier item about reworking the
	kernel random-number API to measure actual, obsevred entropy).