diff --git a/Cargo.lock b/Cargo.lock index b50281f7..82a4f77f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -586,9 +586,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.150" +version = "0.2.169" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c" +checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a" [[package]] name = "libm" @@ -602,23 +602,6 @@ version = "0.4.13" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c" -[[package]] -name = "lms-signature" -version = "0.1.0-pre" -dependencies = [ - "digest", - "hex", - "hex-literal", - "hybrid-array", - "rand", - "rand_core", - "sha2", - "signature", - "static_assertions", - "typenum", - "zeroize", -] - [[package]] name = "log" version = "0.4.21" @@ -1133,12 +1116,6 @@ dependencies = [ "der", ] -[[package]] -name = "static_assertions" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" - [[package]] name = "subtle" version = "2.6.1" diff --git a/Cargo.toml b/Cargo.toml index 50f6fce4..0a2469bd 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -5,12 +5,16 @@ members = [ "ecdsa", "ed448", "ed25519", - "lms", + #"lms", #"ml-dsa", "rfc6979", "slh-dsa" ] -exclude = ["ml-dsa"] # using rand_core v0.9 +# using rand_core v0.9 +exclude = [ + "lms", + "ml-dsa", +] [profile.dev] opt-level = 2 @@ -22,7 +26,7 @@ dsa = { path = "./dsa" } ecdsa = { path = "./ecdsa" } ed448-signature = { path = "./ed448" } ed25519 = { path = "./ed25519" } -lms-signature = { path = "./lms" } +#lms-signature = { path = "./lms" } #ml-dsa = { path = "./ml-dsa" } rfc6979 = { path = "./rfc6979" } slh-dsa = { path = "./slh-dsa" } diff --git a/lms/Cargo.lock b/lms/Cargo.lock new file mode 100644 index 00000000..eefd511e --- /dev/null 
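Review bot: Moving `lms` from `members` to `exclude` in the root Cargo.toml takes the crate out of every workspace-wide `cargo build`, `cargo test`, `cargo clippy` and `cargo audit`/`cargo deny` run, and out of the root Cargo.lock, so regressions and advisories in lms go unnoticed until it is re-added. The `# using rand_core v0.9` comment gives the reason but not the exit condition; consider `# TODO: move lms and ml-dsa back into members once the rest of the workspace is on rand_core 0.9`. The new lms/Cargo.lock also carries both rand_core 0.6.4 (via crypto-common 0.2.0-rc.1) and rand_core 0.9.0, which is exactly the kind of duplicate a workspace-level audit would surface, so CI should run inside lms/ explicitly while it is excluded.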
+++ b/lms/Cargo.lock 
@@ -0,0 +1,387 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "bitflags" +version = "2.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f68f53c83ab957f72c32642f3868eec03eb974d1fb82e453128456482613d36" + +[[package]] +name = "block-buffer" +version = "0.11.0-rc.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3fd016a0ddc7cb13661bf5576073ce07330a693f8608a1320b4e20561cc12cdc" +dependencies = [ + "hybrid-array", +] + +[[package]] +name = "byteorder" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "const-oid" +version = "0.10.0-rc.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68ff6be19477a1bd5441f382916a89bc2a0b2c35db6d41e0f6e8538bf6d6463f" + +[[package]] +name = "cpufeatures" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280" +dependencies = [ + "libc", +] + +[[package]] +name = "crypto-common" +version = "0.2.0-rc.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b0b8ce8218c97789f16356e7896b3714f26c2ee1079b79c0b7ae7064bb9089fa" +dependencies = [ + "getrandom 0.2.15", + "hybrid-array", + "rand_core 0.6.4", +] + +[[package]] +name = "digest" +version = "0.11.0-pre.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cf2e3d6615d99707295a9673e889bf363a04b2a466bd320c65a72536f7577379" +dependencies = [ + "block-buffer", + "const-oid", + "crypto-common", +] + +[[package]] +name = 
"getrandom" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" +dependencies = [ + "cfg-if", + "libc", + "wasi 0.11.0+wasi-snapshot-preview1", +] + +[[package]] +name = "getrandom" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "43a49c392881ce6d5c3b8cb70f98717b7c07aabbdff06687b9030dbfbe2725f8" +dependencies = [ + "cfg-if", + "libc", + "wasi 0.13.3+wasi-0.2.2", + "windows-targets", +] + +[[package]] +name = "hex" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" + +[[package]] +name = "hex-literal" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fe2267d4ed49bc07b63801559be28c718ea06c4738b7a03c94df7386d2cde46" + +[[package]] +name = "hybrid-array" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2d35805454dc9f8662a98d6d61886ffe26bd465f5960e0e55345c70d5c0d2a9" +dependencies = [ + "typenum", + "zeroize", +] + +[[package]] +name = "libc" +version = "0.2.169" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a" + +[[package]] +name = "lms-signature" +version = "0.1.0-pre" +dependencies = [ + "digest", + "hex", + "hex-literal", + "hybrid-array", + "rand", + "rand_core 0.9.0", + "sha2", + "signature", + "static_assertions", + "typenum", + "zeroize", +] + +[[package]] +name = "ppv-lite86" +version = "0.2.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04" +dependencies = [ + "zerocopy 0.7.35", +] + +[[package]] +name = "proc-macro2" +version = "1.0.93" +source = "registry+https://github.com/rust-lang/crates.io-index" 
+checksum = "60946a68e5f9d28b0dc1c21bb8a97ee7d018a8b322fa57838ba31cc878e22d99" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.38" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0e4dccaaaf89514f546c693ddc140f729f958c247918a13380cccc6078391acc" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "rand" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3779b94aeb87e8bd4e834cee3650289ee9e0d5677f976ecdb6d219e5f4f6cd94" +dependencies = [ + "rand_chacha", + "rand_core 0.9.0", + "zerocopy 0.8.18", +] + +[[package]] +name = "rand_chacha" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" +dependencies = [ + "ppv-lite86", + "rand_core 0.9.0", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom 0.2.15", +] + +[[package]] +name = "rand_core" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b08f3c9802962f7e1b25113931d94f43ed9725bebc59db9d0c3e9a23b67e15ff" +dependencies = [ + "getrandom 0.3.1", + "zerocopy 0.8.18", +] + +[[package]] +name = "sha2" +version = "0.11.0-pre.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "540c0893cce56cdbcfebcec191ec8e0f470dd1889b6e7a0b503e310a94a168f5" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + +[[package]] +name = "signature" +version = "2.3.0-pre.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4633ec5613e4218fbab07568ca79ee388e3c041af75f0f83a15f040f096f94cf" +dependencies = [ + "digest", + "rand_core 0.9.0", +] + +[[package]] +name = "static_assertions" +version = "1.1.0" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" + +[[package]] +name = "syn" +version = "2.0.98" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "36147f1a48ae0ec2b5b3bc5b537d267457555a10dc06f3dbc8cb11ba3006d3b1" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "typenum" +version = "1.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" + +[[package]] +name = "unicode-ident" +version = "1.0.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a210d160f08b701c8721ba1c726c11662f877ea6b7094007e1ca9a1041945034" + +[[package]] +name = "wasi" +version = "0.11.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" + +[[package]] +name = "wasi" +version = "0.13.3+wasi-0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "26816d2e1a4a36a2940b96c5296ce403917633dff8f3440e9b236ed6f6bacad2" +dependencies = [ + "wit-bindgen-rt", +] + +[[package]] +name = "windows-targets" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" +dependencies = [ + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_gnullvm", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.6" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" + +[[package]] +name = "wit-bindgen-rt" +version = "0.33.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3268f3d866458b787f390cf61f4bbb563b922d091359f9608842999eaee3943c" +dependencies = [ + "bitflags", +] + +[[package]] +name = "zerocopy" +version = "0.7.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" +dependencies = [ + "byteorder", + "zerocopy-derive 0.7.35", +] + +[[package]] +name = "zerocopy" +version = "0.8.18" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "79386d31a42a4996e3336b0919ddb90f81112af416270cff95b5f5af22b839c2" +dependencies = [ + "zerocopy-derive 0.8.18", +] + +[[package]] +name = "zerocopy-derive" +version = "0.7.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "zerocopy-derive" +version = "0.8.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76331675d372f91bf8d17e13afbd5fe639200b73d01f0fc748bb059f9cca2db7" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "zeroize" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" diff --git a/lms/Cargo.toml b/lms/Cargo.toml index 573bc3e5..93b29d15 100644 --- a/lms/Cargo.toml +++ b/lms/Cargo.toml @@ -14,11 +14,11 @@ keywords = ["crypto", "signature"] [dependencies] digest = "=0.11.0-pre.9" hybrid-array = { version = "0.2.0-rc.11", features = ["extra-sizes", "zeroize"] } -rand = "0.8.5" +rand = "0.9.0" sha2 = "=0.11.0-pre.4" static_assertions = "1.1.0" -rand_core = "0.6.4" -signature = { version = "2.3.0-pre.0", features = ["digest", "std", "rand_core"] } +rand_core = "0.9.0" +signature = { version = "=2.3.0-pre.6", features = ["digest", "std", "rand_core"] } typenum = { version = "1.17.0", features = ["const-generics"] } zeroize = "1.8.1" diff --git a/lms/src/lms/mod.rs b/lms/src/lms/mod.rs index 9562ad71..a9bd07e4 100644 --- a/lms/src/lms/mod.rs +++ b/lms/src/lms/mod.rs @@ -23,7 +23,7 @@ mod tests { use crate::{lms::SigningKey, ots::LmsOtsSha256N32W4}; fn test_sign_and_verify() { - let mut rng = rand::thread_rng(); + let mut rng = rand::rng(); // Generate a fresh keypair let mut sk = SigningKey::::new(&mut rng); 
diff --git a/lms/src/lms/private.rs b/lms/src/lms/private.rs
index c11e0729..fcd09a21 100644
--- a/lms/src/lms/private.rs
+++ b/lms/src/lms/private.rs
@@ -7,7 +7,8 @@ use crate::types::{Identifier, Typecode};
 use digest::{Digest, Output, OutputSizeUser};
 use hybrid_array::{Array, ArraySize};
-use rand::{CryptoRng, Rng};
+use rand::Rng;
+use rand_core::{CryptoRng, TryCryptoRng};
 use signature::{Error, RandomizedSignerMut};
 use core::array::TryFromSliceError;
@@ -105,9 +106,9 @@ impl SigningKey {
 // this implements the algorithm from Appendix D in
 impl RandomizedSignerMut> for SigningKey {
- fn try_sign_with_rng(
+ fn try_sign_with_rng(
 &mut self,
- rng: &mut impl rand_core::CryptoRngCore,
+ rng: &mut R,
 msg: &[u8],
 ) -> Result, Error> {
 if self.q >= Mode::LEAVES {
diff --git a/lms/src/lms/public.rs b/lms/src/lms/public.rs
index c93a5519..427bff7d 100644
--- a/lms/src/lms/public.rs
+++ b/lms/src/lms/public.rs
@@ -258,7 +258,7 @@ mod tests {
 ::OutputSize: Add,
 Sum<::OutputSize, U24>: ArraySize,
 {
- let rng = rand::thread_rng();
+ let rng = rand::rng();
 let lms_priv = SigningKey::::new(rng);
 let lms_pub = lms_priv.public();
 let lms_pub_serialized: Array::OutputSize, U24>> =
diff --git a/lms/src/lms/signature.rs b/lms/src/lms/signature.rs
index 9418ff06..7bbb8b15 100644
--- a/lms/src/lms/signature.rs
+++ b/lms/src/lms/signature.rs
@@ -141,7 +141,7 @@ mod tests {
 use crate::ots::modes::*;
 use hex_literal::hex;
 use hybrid_array::ArraySize;
- use rand::thread_rng;
+ use rand::rng;
 use signature::{RandomizedSignerMut, Verifier};
 use typenum::{Prod, Sum, U1, U4};
@@ -266,7 +266,7 @@ mod tests {
 U4,
 >: ArraySize,
 {
- let mut rng = thread_rng();
+ let mut rng = rng();
 let mut sk = SigningKey::::new(&mut rng);
 let pk = sk.public();
 let msg = b"Hello, world!";
diff --git a/lms/src/ots/mod.rs b/lms/src/ots/mod.rs
index d08da24b..d12a0893 100644
--- a/lms/src/ots/mod.rs
+++ b/lms/src/ots/mod.rs
@@ -26,7 +26,7 @@ pub mod tests {
 use digest::OutputSizeUser;
 use hex_literal::hex;
 use hybrid_array::{Array, ArraySize};
- use rand::thread_rng;
+ use rand::rng;
 use rand_core::{CryptoRng, RngCore};
 use signature::RandomizedSignerMut;
 use signature::Verifier;
@@ -41,7 +41,7 @@ pub mod tests {
 ::OutputSize: Add,
 Sum<::OutputSize, U2>: ArraySize,
 {
- let mut rng = thread_rng();
+ let mut rng = rng();
 let mut sk = SigningKey::::new(0, [0xcc; ID_LEN], &mut rng);
 let pk = sk.public();
 let msg = "this is a test message".as_bytes();
@@ -65,7 +65,7 @@ pub mod tests {
 ::OutputSize: Add,
 Sum<::OutputSize, U2>: ArraySize,
 {
- let mut rng = thread_rng();
+ let mut rng = rng();
 let mut sk = SigningKey::::new(0, [0xcc; ID_LEN], &mut rng);
 let mut pk = sk.public();
 let msg = "this is a test message".as_bytes();
@@ -145,16 +145,6 @@ pub mod tests {
 dest.copy_from_slice(hd);
 self.0 = tl;
 }
-
- fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), rand_core::Error> {
- if dest.len() > self.0.len() {
- return Err(rand_core::Error::new("not enough bytes"));
- }
- let (hd, tl) = self.0.split_at(dest.len());
- dest.copy_from_slice(hd);
- self.0 = tl;
- Ok(())
- }
 }
 /// WARNING: This is not a secure cryptographic RNG. It is only used for testing.
diff --git a/lms/src/ots/private.rs b/lms/src/ots/private.rs
index 67ad786c..9c700d2b 100644
--- a/lms/src/ots/private.rs
+++ b/lms/src/ots/private.rs
@@ -7,7 +7,7 @@ use crate::ots::signature::Signature;
 use crate::types::Identifier;
 use digest::{Digest, Output};
 use hybrid_array::Array;
-use rand_core::CryptoRngCore;
+use rand_core::{CryptoRng, TryCryptoRng};
 use signature::{Error, RandomizedSignerMut};
 use zeroize::Zeroize;
 //use std::mem::MaybeUninit;
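Review bot: Dropping `try_fill_bytes` from the fixed-buffer test RNG (hunk at -145) is required by rand_core 0.9, where `RngCore` no longer has that method, but it also removes the only graceful handling of a short fixture: exhaustion now surfaces as a `split_at` index panic out of `fill_bytes` instead of the old `"not enough bytes"` error, and rand_core 0.9's blanket `TryRngCore for RngCore` impl means a caller going through `try_fill_bytes` panics too rather than receiving `Err`. That is acceptable for a test double, but a one-line precondition in `fill_bytes` (which starts above this hunk) would make a truncated known-answer vector fail with a readable message: `assert!(dest.len() <= self.0.len(), "test RNG exhausted: {} bytes requested, {} left", dest.len(), self.0.len());`. The `/// WARNING: This is not a secure cryptographic RNG` doc line after the hunk is worth extending with `/// Panics once the fixed byte buffer is consumed.` so the new failure mode is documented.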
@@ -29,7 +29,7 @@ impl SigningKey {
 // generic_array::ArrayBuilder's internal implementation
 /// If LM-OTS is being used directly, q MUST be set to the all-zero value
 ///
- pub fn new(q: u32, id: Identifier, rng: &mut impl CryptoRngCore) -> Self {
+ pub fn new(q: u32, id: Identifier, rng: &mut R) -> Self {
 let mut seed: Array = Array::default();
 rng.fill_bytes(&mut seed);
 Self::new_from_seed(q, id, seed)
@@ -96,9 +96,9 @@ impl SigningKey {
 }
 impl RandomizedSignerMut> for SigningKey {
- fn try_sign_with_rng(
+ fn try_sign_with_rng(
 &mut self,
- rng: &mut impl CryptoRngCore,
+ rng: &mut R,
 msg: &[u8],
 ) -> Result, Error> {
 if !self.valid {
@@ -107,7 +107,7 @@ impl RandomizedSignerMut> for SigningKey
 // Generate the message randomizer C
 let mut c = >::default();
- rng.fill_bytes(&mut c);
+ rng.try_fill_bytes(&mut c).map_err(|_| Error::new())?;
 // Q is the randomized message hash
 let q = Mode::Hasher::new()
diff --git a/lms/src/ots/public.rs b/lms/src/ots/public.rs
index 2d44da0b..d17ea246 100644
--- a/lms/src/ots/public.rs
+++ b/lms/src/ots/public.rs
@@ -123,12 +123,11 @@ mod tests {
 use crate::ots::private::SigningKey;
 use crate::ots::public::VerifyingKey;
 use hybrid_array::Array;
- use rand::thread_rng;
+ use rand::rng;
 #[test]
 fn test_serde() {
- let pk =
- SigningKey::::new(0, [0xbb; ID_LEN], &mut thread_rng()).public();
+ let pk = SigningKey::::new(0, [0xbb; ID_LEN], &mut rng()).public();
 let pk_serialized: Array = pk.clone().into();
 let bytes = pk_serialized.as_slice();
 let pk_deserialized = VerifyingKey::::try_from(bytes);
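Review bot: `SigningKey::new` (hunk at -29) draws `seed` with the infallible `rng.fill_bytes` and hands it straight to `new_from_seed`, so whatever `R` is bound to — the generic parameter's bound is not visible in this rendering, presumably `CryptoRng` — is the sole source of the LM-OTS private key, yet the doc comment above only covers `q`. Add a line to that doc: `/// `rng` must be a cryptographically secure generator: the seed it fills is the entire private key, and a predictable seed makes every signature from this key forgeable.`. If the bound turns out to be only `RngCore` rather than `CryptoRng`, tighten it, since nothing in the hunk itself enforces a CSPRNG.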
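Review bot: `rng.try_fill_bytes(&mut c).map_err(|_| Error::new())?` (hunk at -107) is the right shape — an RNG failure aborts signing before any signature is built, so provided `valid` is only cleared after the signature is produced (outside the hunk) the one-time key is not burned — but the closure silently drops the source error, and the choice looks accidental. With the `std` feature enabled on `signature` in lms/Cargo.toml, `Error::from_source` exists, yet rand_core 0.9 bounds `TryRngCore::Error` only by `Debug + Display`, not `std::error::Error`, so it cannot be boxed generically; a comment stating that would stop the next reader from "fixing" it: `// R::Error is only Debug + Display, so it cannot be wrapped via Error::from_source.`. The function body continues beyond the hunk.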