Fixed reconciliation bug - Peikert-style reconciliation now achieves 100% accuracy (was 50% with broken XOR)

src/login.rs

@@ -32,7 +32,7 @@ pub fn client_login_start(password: &[u8]) -> (ClientLoginState, KE1) {
     let (oprf_client, blinded) = OprfClient::blind(password);
 
     let mut client_nonce = [0u8; NONCE_LEN];
-    rand::thread_rng().fill_bytes(&mut client_nonce);
+    rand::rng().fill_bytes(&mut client_nonce);
 
     let (client_kem_pk, client_kem_sk) = generate_kem_keypair();
 
@@ -83,7 +83,7 @@ pub fn server_login_respond(
     eprintln!("  OPRF evaluation complete");
 
     let mut masking_nonce = [0u8; NONCE_LEN];
-    rand::thread_rng().fill_bytes(&mut masking_nonce);
+    rand::rng().fill_bytes(&mut masking_nonce);
 
     let envelope_bytes = serialize_envelope(&record.envelope);
     let to_mask = [
@@ -98,7 +98,7 @@ pub fn server_login_respond(
     eprintln!("  masked_response len: {}", masked_response.len());
 
     let mut server_nonce = [0u8; NONCE_LEN];
-    rand::thread_rng().fill_bytes(&mut server_nonce);
+    rand::rng().fill_bytes(&mut server_nonce);
 
     let (server_kem_pk, _server_kem_sk) = generate_kem_keypair();