Add fresh_rng()

[dhardy]

Add a wrapper around thread_rng which combines the output with fresh entropy from RDRAND, and call it fresh_rng.

Related to #314.

Advantage: a redundant security layer and some level of protection against forks, with relatively low overhead.

Disadvantage: we need to depend on @nagisa's rdrand crate. The crate is tiny and will depend on rand-core only so this is probably not an issue, though it could theoretically be in yet another crate (fresh_rng can't be in rdrand because that doesn't have access to thread_rng).

@nagisa I was wondering whether it would make sense to move rdrand into this repo as a sub-workspace, but that's not required.

[nagisa]

I would be very much against fresh_rng if we were to only make it work "as intended" on a small variety of x86 platforms :) Why not simply have a MyAwesomeRng<EvenBetterRng: RngCore>?

This is 2nd time in 2 weeks somebody asked to move rdrand crate somewhere else. I wouldn’t mind that as long as it stays a separate crate.

[pitdicker]

@dhardy. It seems I am shooting down all your ideas today.... Sorry.

What Amazons s2n does seems like a nice idea for them. Combining two reasonably fast secure RNGs to get something that should be even more secure.

To me it seems a bit niche and paranoid. And as @nagisa points out it is designed for and tied to a specific platform. Doesn't that make it more suitable to living in an external crate?

Besides that, I would be interested in two experiments. How real is the concern for forks? And what is the performance of a combined RNG like this?

[dhardy]

Maybe I should just leave it to @nagisa to create the MyAwesomeRng wrapper type 😄 In any case, I think there are considerably more arguments against this idea than for, so will close.