diff --git a/AES.cabal b/AES.cabal
--- a/AES.cabal
+++ b/AES.cabal
@@ -1,7 +1,7 @@
 Name: AES
 Synopsis: Fast AES encryption/decryption for bytestrings
 Description: A zero-copy binding to Brian Gladman's AES implementation, including a copy of that implementation
-Version: 0.2.4
+Version: 0.2.5
 License: BSD3
 License-file: COPYING
 Copyright: Copyright (c) 2009 University of Tromsø
@@ -18,7 +18,8 @@
 
 Library
   Build-Depends:
-        base >= 4 && < 5 , bytestring, monads-tf >= 0.0.0.1 && < 0.1, transformers >= 0.1.4.0 && < 0.2
+        base >= 4 && < 5 , bytestring, monads-tf >= 0.0.0.1 && < 0.1, transformers >= 0.1.4.0 && < 0.2,
+        random, cereal >= 0.2
   Extensions:
         ForeignFunctionInterface,
         ViewPatterns,
@@ -28,7 +29,8 @@
         Control.Monad.UnsafeIO,
         Codec.Crypto.AES,
         Codec.Crypto.AES.Monad,
-        Codec.Crypto.AES.IO
+        Codec.Crypto.AES.IO,
+        Codec.Crypto.AES.Random
 
   ghc-options: -Wall
   
diff --git a/Codec/Crypto/AES/Random.hs b/Codec/Crypto/AES/Random.hs
new file mode 100644
--- /dev/null
+++ b/Codec/Crypto/AES/Random.hs
@@ -0,0 +1,64 @@
+-- | This module provides a cryptographically secure PRNG based on
+-- AES, reading the seed from /dev/random
+module Codec.Crypto.AES.Random(randBytes,prandBytes,AESGen,newAESGen) where
+
+import Data.Serialize
+import System.IO.Unsafe
+import System.IO
+import System.Random
+import Control.Applicative
+import Prelude hiding(head)
+import Codec.Crypto.AES.IO
+import Control.Concurrent.MVar
+import qualified Data.ByteString as B
+import qualified Data.ByteString.Lazy as BL
+import Data.List
+
+-- | Randomness from a system source of nonsense such as /dev/random
+randBytes :: Int -> IO B.ByteString
+randBytes n = withFile "/dev/urandom" ReadMode $ \h -> B.hGet h n
+
+{-# NOINLINE ctx #-}
+ctx :: MVar AESCtx
+ctx = unsafePerformIO $ do
+  key <- randBytes 16
+  iv <- randBytes 16
+  newMVar =<< newCtx CTR key iv Encrypt
+  
+-- | Cryptographic pseudorandomness from an AES cipher. This function
+-- is currently inefficient for non-multiple-of-16 sized bytestrings.
+prandBytes :: Int -> IO B.ByteString
+prandBytes n = withMVar ctx $ \aesctx -> do
+  bytes <- crypt aesctx $ B.replicate (((n+15) `div` 16) * 16) 0
+  return $ B.take n bytes
+
+-- | A random number generator that gets its input from prandBytes,
+-- ensuring purity by storing those bytes for later if you don't
+-- discard the generator.
+--
+-- Using split on this generator isn't supported, but could be.
+--
+-- Please note that if an asynchronous exception is caught while a
+-- random number is being generated, the generator will be wrecked
+-- forevermore.
+newtype AESGen = RND [Int]
+
+instance Show AESGen where
+  show _ = "AESGen [...]"
+
+instance RandomGen AESGen where
+  next (RND (i:is)) = (i,RND is)
+  next (RND []) = undefined
+  split _ = error "split not supported on Codec.Crypto.AES.Random.AESGen"
+
+intSizeInBinary :: Int
+intSizeInBinary = fromIntegral $ B.length $ encode (0::Int)
+
+newAESGen :: IO AESGen
+newAESGen = RND <$> gen
+  where gen = unsafeInterleaveIO $ do
+          bytes <- prandBytes 64
+          let chunks = unfoldr (\b -> if B.null b then Nothing else Just (B.splitAt intSizeInBinary b)) bytes
+              ints = map ((\(Right i) -> i) . decode) chunks
+          moreInts <- gen
+          return (ints ++ moreInts)
