The research mindset


    "The next generation awesome random subsystem must be
    super, super secure, before we change 1 line of code
    to rely on it"

result -> nothing changes.  20 years of stagnancy.

If you try to create your own random layer, the crypto forums
attack you


Reality: focusing only on key/IV quality leaves lots of problems
              unsolved
Reality: there are many very different use cases for random data.
Reality: there are many problematic calling contexts

Imagine a world where RNG is as cheap as bzero()