From 9d8ab16c7151821a9925384dedc9d1f2865af90b Mon Sep 17 00:00:00 2001 From: Mason Simon Date: Sun, 27 May 2018 23:24:27 -0700 Subject: [PATCH] Fix README description of RNG --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c01b5fe..1010e39 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ 2. On each request, generate masked IP address as `HASH(salt ++ IP address)`. 3. Log masked IP address. -`ipscrub` uses `ngx_random` to generate random nonces. `ngx_random` is defined as the C `random()` function on non-Windows platforms, and `rand()` on Windows. NOTE: this is not a cryptographically secure RNG, but for the following threat model, that is ok. +`ipscrub` uses `arc4random` to generate random nonces (see [Theo de Raat's talk on arc4random](https://www.youtube.com/watch?v=aWmLWx8ut20) for a great overview). On Linux this requires installing [libbsd](https://libbsd.freedesktop.org/wiki/) (package libbsd-dev on Ubuntu/Debian). ALSO NOTE: the generated hash WILL change on each `PERIOD` transition, so you will only have continuity within each `PERIOD`. But because users can transition between networks at any time (e.g. wifi -> cellular), you'd have this type of issue even if you were storing raw IPs.
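Review bot: In the added `+` line of the README.md hunk, the first "NOTE:" from the removed sentence is gone, so the unchanged context line after it now begins "ALSO NOTE:" with no earlier note to attach to. Either rename that line to "NOTE:" in the same patch, or keep a first note saying whether the caveat about the "following threat model" still applies now that nonces come from `arc4random`. The same line misspells the speaker's name as "Theo de Raat's" (it is Theo de Raadt). It also documents the libbsd requirement for Linux but drops the old text's statement about Windows, so the README no longer says what happens on that platform; one sentence on supported platforms would close the gap.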