Thanks for the input. See <https://news.ycombinator.com/item?id=39834820> for more details. The device is the TKey, so essentially only 32-byte secret value that is determined at program-load-time. (See more details in other comment.)
The RNG is not really there. There is a true RNG (i.e. source of entropy) but not cryptographically-secure. However, you can use this and other data with the Blake2s (from firmware) or your own hash-functcion, to attempt to approximate randomness. So you essentially need to initialize it yourself and can go wild if you want to.
No comments yet.