From 36894729c053b4736b9de41c1405e436cd41112b Mon Sep 17 00:00:00 2001 From: Paul Miller Date: Fri, 20 Oct 2023 13:16:37 +0000 Subject: [PATCH] readme note on csprng --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 17790df..146ae7e 100644 --- a/README.md +++ b/README.md @@ -839,7 +839,10 @@ Use low-level libraries & languages. Nonetheless we're targetting algorithmic co We're deferring to built-in [crypto.getRandomValues](https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues) which is considered cryptographically secure (CSPRNG). + In the past, browsers had bugs that made it weak: it may happen again. +Implementing a userspace CSPRNG to get resilient to the weakness +is even worse: there is no reliable userspace source of quality entropy. ## Speed
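Review bot: The first added line, "In the past, browsers had bugs that made it weak: it may happen again", makes a historical claim without a reference, and "it" sits a full sentence away from its antecedent, crypto.getRandomValues. Link a specific bug report or advisory so readers can check the claim, and name the API explicitly. The two lines after it call a userspace CSPRNG "even worse" but do not say what follows for the reader. Consider closing with one sentence stating that the library relies only on the platform's getRandomValues and ships no fallback, if that is the case, so the trust boundary is explicit. Wording nit in the second added line: "to get resilient to the weakness" reads better as "to be resilient to such weaknesses".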