Comment 13 for bug 509562

Scott Moser (smoser) wrote:

Comment 12 contained a bad analysis.
The code that is now committed to maverick gets 31.5 hex chars of randomness rather than 32.
I'm not going to bother changing in maverick.

That said, the right code for upstream is probably something like:
      from M2Crypto import BN

      # get 17 bytes of randomness with top bit a '1' (BN.rand top=0 sets the top bit).
      # convert to a hex string like '0x<hex 34 digits>L' (Python 2 long repr)
      # then take the last 32 of the hex digits, giving 32 random hex chars
      iv = (hex(BN.rand(17 * 8, top=0)))[4:36]

I'm attaching a better patch for upstream.
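The arithmetic in the comment above, worked through as an added example that is not part of the bug comment, the attached patch, or the project's code. It uses os.urandom as a stand-in for M2Crypto's BN.rand (an assumption made so the block runs without M2Crypto), shows why hex() of an unpadded random value can come up short of 32 digits, and checks that drawing 136 bits with the top bit forced on and keeping the last 32 hex digits preserves leading zeros while costing no randomness in the digits kept. It targets Python 3, where hex() has no trailing 'L', so the Python 2 slice from the comment is exercised on a constructed string rather than on hex() output.

```python
import os
import re

HEX32_RE = re.compile(r"^[0-9a-f]{32}$")


def naive_hex_iv(value):
    """The pitfall: hex() drops leading zeros, so a 128-bit value whose
    top nibble happens to be 0 (one draw in sixteen) yields fewer than
    32 hex digits."""
    return hex(value)[2:]


def slice_python2_style(hex_repr):
    """The exact slice from the comment, applied to the Python 2 form
    '0x<34 hex digits>L': skip '0x' plus the first two digits, stop
    before the trailing 'L'.  hex_repr is a constructed string here."""
    return hex_repr[4:36]


def iv_from_random_int(value, nbits=17 * 8):
    """Extract 32 hex digits from an nbits-bit integer whose top bit is
    set.  With the top bit forced on, a 136-bit value always formats to
    exactly 34 hex digits; the last 32 of them carry 128 bits that were
    never constrained, so leading zeros in them survive."""
    if value >> (nbits - 1) != 1:
        raise ValueError("top bit must be set so the hex width is fixed")
    digits = "%x" % value          # exactly nbits // 4 hex digits
    assert len(digits) == nbits // 4
    return digits[-32:]


def random_hex_iv():
    """Draw 17 bytes (stand-in for BN.rand(17 * 8, top=0)), force bit 135
    on, and keep the last 32 hex digits."""
    value = int.from_bytes(os.urandom(17), "big") | (1 << 135)
    return iv_from_random_int(value)


def padded_hex_iv():
    """Same result without the top-bit trick: 16 bytes, zero-padded."""
    return os.urandom(16).hex()


def is_valid_iv(candidate):
    """32 lowercase hex digits, nothing else."""
    return bool(HEX32_RE.match(candidate))


if __name__ == "__main__":
    short = naive_hex_iv(0x0123456789ABCDEF0123456789ABCDEF)
    print("naive:", short, len(short), "digits")
    print("top-bit trick:", random_hex_iv())
    print("zero-padded:", padded_hex_iv())
```

The two correct variants are interchangeable; the top-bit trick is what the comment describes for M2Crypto, while zero-padding 16 bytes is the simpler form when a bytes-returning RNG is available.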