Package slowseeder implements a drop-in replacement for a rand source intended for cryptographic key generation.
It has been designed to be simple to comprehend. Generation is deterministic from a seed, uses multiple layered hashing functions, and is parameterized to easily extend the time spent during each iteration, making brute force and pre-computation more difficult.
This project could use some tests. PRs are welcome.
The way golang consumes entropy while performing cryptographic functions is subject to change at any time. Normally this wouldn't matter, but because this creates a deterministic stream, the final product will change as well.