sts10 · sts10 · Nov 11, 2023 · Nov 11, 2023 · Nov 11, 2023 · Nov 11, 2023
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -12,6 +12,7 @@ categories = ["command-line-utilities"]
 
 [dependencies]
 rand = "0.8.5"
+rand_chacha = "0.3.1"
 clap = { version = "4.5.4", features = ["derive"] }
 unicode-normalization = "0.1.23"
 include-lines = "1.1.2"

diff --git a/readme.markdown b/readme.markdown
@@ -471,9 +471,9 @@ gave-model-coil-lent-deep-lam-chin-tall
 
 ## Source of randomness
 
-Phraze uses the [rand crate](https://github.com/rust-random/rand)'s [ThreadRng](https://rust-random.github.io/rand/rand/rngs/struct.ThreadRng.html) as its cryptographically secure pseudo-random number generator (CSPRNG) for generating passphrases.
+Phraze uses [ChaCha20](https://docs.rs/rand_chacha/latest/rand_chacha/struct.ChaCha20Rng.html) for its pseudo-random number generator. As the documentation notes: 
 
-According to [the rand crate documentation at the time of this writing, "ThreadRng uses the same CSPRNG as StdRng, ChaCha12"](https://rust-random.github.io/rand/rand/rngs/struct.ThreadRng.html), meaning it uses 12 rounds of the ChaCha stream cipher. That `StdRng` uses ChaCha12 is [relatively clear in the source code](https://docs.rs/rand/latest/src/rand/rngs/std.rs.html#9-15). (See [this issue](https://github.com/rust-random/rand/issues/932) for arguments in favor of using 12 rounds rather than 20.)
+> With the ChaCha algorithm it is possible to choose the number of rounds the core algorithm should run. The number of rounds is a tradeoff between performance and security, where 8 rounds is the minimum potentially secure configuration, and 20 rounds is widely used as a conservative choice.
 
 ## Why another random passphrase generator?
 There are already a few good passphrase generators, including [passphraseme](https://github.com/micahflee/passphraseme) and [Pgen](https://github.com/ctsrc/Pgen).

diff --git a/src/lib.rs b/src/lib.rs
@@ -4,7 +4,9 @@ pub mod unicode_normalization_check;
 
 use crate::separators::make_separator;
 use include_lines::include_lines;
-use rand::{seq::SliceRandom, thread_rng, Rng};
+use rand::SeedableRng;
+use rand::{seq::SliceRandom, Rng};
+use rand_chacha::ChaCha20Rng;
 
 /// This enum, `ListChoice`, represents all of the "built-in" word lists that Phraze can use.
 #[derive(Clone, Debug, Copy)]
@@ -88,7 +90,7 @@ pub fn generate_a_passphrase<T: AsRef<str> + std::fmt::Display>(
     title_case: bool,
     list: &[T], // We accept either type by using `T`!
 ) -> String {
-    let mut rng = thread_rng();
+    let mut rng = ChaCha20Rng::from_entropy();
     // Create a blank String to put words into to create our passphrase
     let mut passphrase = String::new();
     for i in 0..number_of_words_to_put_in_passphrase {