diff --git a/LICENSE b/LICENSE.mit
similarity index 100%
rename from LICENSE
rename to LICENSE.mit
diff --git a/Makefile b/Makefile
index d94d448..2f318d4 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-VERSION := 0.9.2
+VERSION := 0.9.0
 .PHONY: lint vis clean common client server passwd subpkgs install uninstall reinstall
 
 ## Tag version of binaries with build info wrt.
diff --git a/xsnet/net.go b/xsnet/net.go
index 387c35d..052c895 100644
--- a/xsnet/net.go
+++ b/xsnet/net.go
@@ -39,7 +39,6 @@ import (
 	"strings"
 	"sync"
 	"time"
-	crand "crypto/rand"
 
 	hkex "blitter.com/go/herradurakex"
 	"blitter.com/go/kyber"
@@ -475,11 +474,24 @@ func FrodoKEMDialSetup(c io.ReadWriter, hc *Conn) (err error) {
 	return
 }
 
+// randReader wraps rand.Read() in a struct that implements io.Reader
+// for use by the Kyber and NEWHOPE/NEWHOPE_SIMPLE KEM methods.
+type randReader struct {
+}
+
+func (r randReader) Read(b []byte) (n int, e error) {
+	n, e = rand.Read(b)
+	return
+}
+
 func NewHopeDialSetup(c io.ReadWriter, hc *Conn) (err error) {
 	// Send xsnet.Conn parameters to remote side
 
 	// Alice, step 1: Generate a key pair.
-	privKeyAlice, pubKeyAlice, err := newhope.GenerateKeyPairAlice(crand.Reader)
+	r := new(randReader)
+	rand.Seed(time.Now().UnixNano())
+
+	privKeyAlice, pubKeyAlice, err := newhope.GenerateKeyPairAlice(r)
 	if err != nil {
 		panic(err)
 	}
@@ -521,7 +533,9 @@ func NewHopeSimpleDialSetup(c io.ReadWriter, hc *Conn) (err error) {
 	// Send xsnet.Conn parameters to remote side
 
 	// Alice, step 1: Generate a key pair.
-	privKeyAlice, pubKeyAlice, err := newhope.GenerateKeyPairSimpleAlice(crand.Reader)
+	r := new(randReader)
+	rand.Seed(time.Now().UnixNano())
+	privKeyAlice, pubKeyAlice, err := newhope.GenerateKeyPairSimpleAlice(r)
 	if err != nil {
 		panic(err)
 	}
@@ -563,17 +577,19 @@ func KyberDialSetup(c io.ReadWriter /*net.Conn*/, hc *Conn) (err error) {
 	// Send xsnet.Conn parameters to remote side
 
 	// Alice, step 1: Generate a key pair.
+	r := new(randReader)
+	rand.Seed(time.Now().UnixNano())
 	var alicePublicKey *kyber.PublicKey
 	var alicePrivateKey *kyber.PrivateKey
 	switch hc.kex {
 	case KEX_KYBER512:
-		alicePublicKey, alicePrivateKey, err = kyber.Kyber512.GenerateKeyPair(crand.Reader)
+		alicePublicKey, alicePrivateKey, err = kyber.Kyber512.GenerateKeyPair(r)
 	case KEX_KYBER768:
-		alicePublicKey, alicePrivateKey, err = kyber.Kyber768.GenerateKeyPair(crand.Reader)
+		alicePublicKey, alicePrivateKey, err = kyber.Kyber768.GenerateKeyPair(r)
 	case KEX_KYBER1024:
-		alicePublicKey, alicePrivateKey, err = kyber.Kyber1024.GenerateKeyPair(crand.Reader)
+		alicePublicKey, alicePrivateKey, err = kyber.Kyber1024.GenerateKeyPair(r)
 	default:
-		alicePublicKey, alicePrivateKey, err = kyber.Kyber768.GenerateKeyPair(crand.Reader)
+		alicePublicKey, alicePrivateKey, err = kyber.Kyber768.GenerateKeyPair(r)
 	}
 
 	if err != nil {
@@ -715,6 +731,8 @@ func FrodoKEMAcceptSetup(c *net.Conn, hc *Conn) (err error) {
 }
 
 func NewHopeAcceptSetup(c *net.Conn, hc *Conn) (err error) {
+	r := new(randReader)
+	rand.Seed(time.Now().UnixNano())
 	// Bob, step 1: Deserialize Alice's public key from the binary encoding.
 	alicePublicKey := big.NewInt(0)
 	_, err = fmt.Fscanln(*c, alicePublicKey)
@@ -736,7 +754,7 @@ func NewHopeAcceptSetup(c *net.Conn, hc *Conn) (err error) {
 	}
 
 	// Bob, step 2: Generate the KEM cipher text and shared secret.
-	pubKeyBob, bobSharedSecret, err := newhope.KeyExchangeBob(crand.Reader, &pubKeyAlice)
+	pubKeyBob, bobSharedSecret, err := newhope.KeyExchangeBob(r, &pubKeyAlice)
 	if err != nil {
 		panic(err)
 	}
@@ -751,6 +769,8 @@ func NewHopeAcceptSetup(c *net.Conn, hc *Conn) (err error) {
 }
 
 func NewHopeSimpleAcceptSetup(c *net.Conn, hc *Conn) (err error) {
+	r := new(randReader)
+	rand.Seed(time.Now().UnixNano())
 	// Bob, step 1: Deserialize Alice's public key from the binary encoding.
 	alicePublicKey := big.NewInt(0)
 	_, err = fmt.Fscanln(*c, alicePublicKey)
@@ -772,7 +792,7 @@ func NewHopeSimpleAcceptSetup(c *net.Conn, hc *Conn) (err error) {
 	}
 
 	// Bob, step 2: Generate the KEM cipher text and shared secret.
-	pubKeyBob, bobSharedSecret, err := newhope.KeyExchangeSimpleBob(crand.Reader, &pubKeyAlice)
+	pubKeyBob, bobSharedSecret, err := newhope.KeyExchangeSimpleBob(r, &pubKeyAlice)
 	if err != nil {
 		panic(err)
 	}
@@ -818,7 +838,9 @@ func KyberAcceptSetup(c *net.Conn, hc *Conn) (err error) {
 	}
 
 	// Bob, step 2: Generate the KEM cipher text and shared secret.
-	cipherText, bobSharedSecret, err := peerPublicKey.KEMEncrypt(crand.Reader)
+	r := new(randReader)
+	rand.Seed(time.Now().UnixNano())
+	cipherText, bobSharedSecret, err := peerPublicKey.KEMEncrypt(r)
 	if err != nil {
 		panic(err)
 	}