The cr.yp.to microblog: 2023.05.29 16:57:36

2023.05.29 16:57:36 (Mastodon 110453028041766014, Twitter 1663228033531011072) from Daniel J. Bernstein:

Exercise in systems engineering: What's the best fix for https://github.com/cloudflare/circl/security/advisories/GHSA-2q89-485c-9j2x? Change the Kyber and FrodoKEM software? Change the RNG to a simpler randombytes() API that guarantees callers won't see this failure case? Crypto students aren't taught how to think this through.
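The two fix strategies the post contrasts, written out as a small Go program (Go because CIRCL is a Go library). This is an added example, not code from CIRCL, from the advisory, or from the post's author: the seed-drawing keygen, the `failingReader` that runs dry after a few bytes, and the `randombytes` helper are all constructed here for illustration, and nothing below is a claim about what the linked advisory actually says.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// failingReader is a constructed RNG source for the example: it hands out
// `limit` bytes and then fails, which is the kind of failure an io.Reader
// style RNG can surface to its callers.
type failingReader struct {
	limit int
	n     int
}

func (f *failingReader) Read(p []byte) (int, error) {
	if f.n >= f.limit {
		return 0, errors.New("entropy source unavailable")
	}
	k := len(p)
	if k > f.limit-f.n {
		k = f.limit - f.n
	}
	for i := 0; i < k; i++ {
		p[i] = 0xA5 // recognisable filler so partial fills are visible
	}
	f.n += k
	return k, nil
}

// keygenIgnoringError draws a 32-byte seed from an io.Reader and discards the
// error. If the reader fails, the untouched tail of the seed stays zero and
// "key generation" proceeds on it.
func keygenIgnoringError(rng io.Reader) []byte {
	seed := make([]byte, 32)
	io.ReadFull(rng, seed) // error discarded: this is the bug pattern
	return seed
}

// keygenCheckingError is the first fix the post lists: patch the scheme
// implementation so that every caller of the RNG checks the error.
func keygenCheckingError(rng io.Reader) ([]byte, error) {
	seed := make([]byte, 32)
	if _, err := io.ReadFull(rng, seed); err != nil {
		return nil, err
	}
	return seed, nil
}

// randomSource is the process-wide entropy source behind randombytes; it is a
// variable only so the example can swap in the failing reader.
var randomSource io.Reader = rand.Reader

// randombytes is the second fix the post lists: an API with no error path. It
// either fills the whole buffer or aborts, so no caller can ever observe a
// short or zero-filled seed, whether or not that caller remembered to check.
func randombytes(buf []byte) {
	if _, err := io.ReadFull(randomSource, buf); err != nil {
		panic("randombytes: entropy source failed: " + err.Error())
	}
}

// keygenWithRandombytesFrom runs keygen on top of randombytes with the given
// source. A real randombytes would take the process down; here the panic is
// recovered only so the example can report that the abort happened.
func keygenWithRandombytesFrom(src io.Reader) (seed []byte, aborted bool) {
	prev := randomSource
	randomSource = src
	defer func() {
		randomSource = prev
		if r := recover(); r != nil {
			seed, aborted = nil, true
		}
	}()
	seed = make([]byte, 32)
	randombytes(seed)
	return seed, false
}

func isAllZero(b []byte) bool { return bytes.Equal(b, make([]byte, len(b))) }

func main() {
	seed := keygenIgnoringError(&failingReader{limit: 8})
	fmt.Printf("error ignored:   seed = %x (tail is zeros, key still 'generated')\n", seed)
	if _, err := keygenCheckingError(&failingReader{limit: 8}); err != nil {
		fmt.Println("error checked:   keygen refused:", err)
	}
	_, aborted := keygenWithRandombytesFrom(&failingReader{limit: 8})
	fmt.Println("randombytes API: caller never saw a seed, aborted =", aborted)
}
```

The point the example makes concrete: with the first fix, every current and future caller of the RNG carries the obligation to check, and the advisory-style failure recurs whenever one forgets; with the second, the obligation moves into one place and the failure case is unobservable by construction. The cost of the second is that the only remaining behaviour on RNG failure is a hard abort, which is a deliberate trade.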