- // A bit hesitant to use openssl_random_pseudo_bytes() as we know
- // it has been historically targeted by US agencies for 'weakening'.
- // It is still arguably better than trying to come up with an
- // alternative cryptographically secure random generator.
- // There is little point in using the optional second arg to flag the
- // assurance of security since it is meaningless if the source algorithms
- // have been compromised. Also none of this matters if RSA has been
- // compromised by state actors and evidence is mounting that this has
- // already happened.
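Review bot: the removed lines about the "optional second arg" are the only visible record that the strength flag of openssl_random_pseudo_bytes() is deliberately left unchecked, and nothing in this hunk shows the call itself changing, so that decision ends up undocumented. If the call stays, either pass the second argument and fail closed when it comes back false, or keep a one-line factual comment saying the flag is intentionally ignored. Dropping the speculation about agencies and RSA is reasonable, since it does not describe what the code does. If this removal goes with a switch to another source such as random_bytes(), state that in the commit message so the reason for deleting the rationale is clear.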