Hi Trevor, > I.e. use e as the seed for any PRNG. Seems like SipHash would be a good candidate here. Alternatively, couldn't I just use any of the encrypted payload of the handshake messages? Those are ChaPoly output and should be uniformly random. Jason