Randomize contexts by default?

[real-or-random]

Given that getting entropy is easy in Rust (thread_rng at least with std), we could optimistically call randomize() on every new context that we give to the user. I believe the reason why upstream doesn't do this is because it's just not clear how to obtain entropy in C.

An issue is that we'll need to disable this without std, which will be a subtle loss of security if you switch std off. Ignoring the current API, I think the proper way to do this is to let new create randomized contexts and make this only available with std, and have a verbose function new_no_randomize. But that's a pretty large API break. Hm.

If we don't want to do any of this, we should at least add randomize our examples.

Related to #224 and rust-random/rand#313.

[elichai]

well we could randomize in secp256k1::new if the rand feature is available.

this will be a change in direction though, because right now our only ever use of rand is this: https://docs.rs/secp256k1/0.17.2/secp256k1/struct.Secp256k1.html#method.generate_keypair
where the user provide the RNG, that way we don't need to decide which rng.

BUT because only a handful of people know the importance of randomizing the context in practice we can see a lot(most?) of our users not calling it just because they don't know/understand, so I agree that a better default is a great idea

[real-or-random]

BUT because only a handful of people know the importance of randomizing the context in practice we can see a lot(most?) of users not calling it just because they don't know/understand, so I agree that a better default is a great idea

Indeed, this is my main concern.

[real-or-random]

Taking a step back, I believe that even given the problems with C, upstream's API is not optimal here. A better API would be to ask the user to provide entropy already in _context_create, or pass NULL explicitly to opt out.

(This does not help us here but I wanted to share the thought.)