diff --git a/Cargo.lock b/Cargo.lock
index 6d83cd9..c7d6222 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -223,7 +223,6 @@ dependencies = [
  "hex",
  "html-escape",
  "mock_instant",
- "rand 0.8.5",
  "rand 0.9.2",
  "rusqlite",
  "schemars",
@@ -244,7 +243,7 @@ dependencies = [
  "clap",
  "ed25519-dalek",
  "humantime",
- "rand 0.8.5",
+ "rand 0.9.2",
  "reqwest",
  "rusqlite",
  "serde_jcs",
@@ -1617,8 +1616,6 @@ version = "0.8.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
 dependencies = [
- "libc",
- "rand_chacha 0.3.1",
  "rand_core 0.6.4",
 ]
 
@@ -1628,20 +1625,10 @@ version = "0.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1"
 dependencies = [
- "rand_chacha 0.9.0",
+ "rand_chacha",
  "rand_core 0.9.3",
 ]
 
-[[package]]
-name = "rand_chacha"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
-dependencies = [
- "ppv-lite86",
- "rand_core 0.6.4",
-]
-
 [[package]]
 name = "rand_chacha"
 version = "0.9.0"
diff --git a/blah-types/Cargo.toml b/blah-types/Cargo.toml
index c4beef0..06c521d 100644
--- a/blah-types/Cargo.toml
+++ b/blah-types/Cargo.toml
@@ -43,8 +43,7 @@ optional = true
 criterion = "0.7"
 ed25519-dalek = { version = "2", features = ["rand_core"] }
 expect-test = "1"
-# WAIT: https://github.com/dalek-cryptography/curve25519-dalek/issues/731
-rand08 = { package = "rand", version = "0.8" }
+rand = { version = "0.9", features = ["small_rng"] }
 sha2 = "0.10"
 
 [lints]
diff --git a/blah-types/benches/crypto_ops.rs b/blah-types/benches/crypto_ops.rs
index 43a75cf..43c4783 100644
--- a/blah-types/benches/crypto_ops.rs
+++ b/blah-types/benches/crypto_ops.rs
@@ -6,26 +6,27 @@ use blah_types::msg::{ChatPayload, UserRegisterChallengeResponse, UserRegisterPa
 use blah_types::{Id, PubKey, SignExt, Signee, UserKey, get_timestamp};
 use criterion::{Criterion, criterion_group, criterion_main};
 use ed25519_dalek::SigningKey;
-use rand::rngs::StdRng;
-use rand::rngs::mock::StepRng;
-use rand::{Rng, SeedableRng};
+use rand::{Rng, SeedableRng, rngs::SmallRng};
 use sha2::{Digest, Sha256};
 
 const SEED: u64 = 0xDEAD_BEEF_BEEF_DEAD;
 
-fn bench_register_pow(c: &mut Criterion) {
-    let rng = &mut StdRng::seed_from_u64(SEED);
+const MOCK_PRIV_KEY1: [u8; 32] = *b"this is the testing private key1";
+const MOCK_PRIV_KEY2: [u8; 32] = *b"that is the 2nd testing privkey.";
 
-    let id_key_priv = SigningKey::from_bytes(&[0x1A; 32]);
+fn bench_register_pow(c: &mut Criterion) {
+    let nonce_rng = &mut SmallRng::seed_from_u64(SEED);
+
+    let id_key_priv = SigningKey::from_bytes(&MOCK_PRIV_KEY1);
     let id_key = PubKey::from(id_key_priv.verifying_key());
-    let act_key_priv = SigningKey::from_bytes(&[0x2B; 32]);
+    let act_key_priv = SigningKey::from_bytes(&MOCK_PRIV_KEY2);
     let act_key = PubKey::from(act_key_priv.verifying_key());
     let payload = UserRegisterPayload {
         id_key: id_key.clone(),
         server_url: "http://some.example.com".parse().unwrap(),
         id_url: "http://another.example.com".parse().unwrap(),
         challenge: Some(UserRegisterChallengeResponse::Pow {
-            nonce: rng.random(),
+            nonce: nonce_rng.random(),
         }),
     };
     let mut signee = Signee {
@@ -37,7 +38,7 @@ fn bench_register_pow(c: &mut Criterion) {
     c.bench_function("register_pow_iter", |b| {
         b.iter_custom(|iters| {
-            signee.nonce = rng.random();
+            signee.nonce = nonce_rng.random();
             let inst = Instant::now();
             for _ in 0..iters {
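Review bot: `MOCK_PRIV_KEY1` and `MOCK_PRIV_KEY2` are fixed, publicly visible 32-byte signing seeds, and nothing at their declaration says they are benchmark fixtures; a doc comment would keep them from being copied into non-bench code, e.g. `/// Fixed, publicly known seeds for benchmark-only signing keys. Never use these, or the keys derived from them, outside the benches.` The same caveat applies to `SEED`, which now drives every nonce draw through `SmallRng`, a non-cryptographic generator. `bench_register_pow` continues past the end of this hunk.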
@@ -69,25 +70,23 @@ fn avg_msg() -> ChatPayload {
 }
 
 fn bench_msg_sign_verify(c: &mut Criterion) {
-    use rand08::SeedableRng;
-
-    let rng = &mut rand08::rngs::StdRng::seed_from_u64(SEED);
-    let id_key_priv = SigningKey::generate(rng);
-    let act_key_priv = SigningKey::generate(rng);
+    let id_key_priv = SigningKey::from_bytes(&MOCK_PRIV_KEY1);
+    let act_key_priv = SigningKey::from_bytes(&MOCK_PRIV_KEY2);
     let id_key = PubKey::from(id_key_priv.verifying_key());
     let timestamp = 1_727_045_943 << 16; // The time when I writing this code.
     let msg = avg_msg();
     c.bench_function("msg-sign", |b| {
-        let seq_rng = &mut StepRng::new(1, 1);
+        // FIXME: Provide a deterministic signing method using a given nonce?
+        let fixed_nonce_rng = &mut SmallRng::seed_from_u64(SEED);
         b.iter(|| {
             black_box(msg.clone())
-                .sign_msg_with(&id_key, &act_key_priv, timestamp, seq_rng)
+                .sign_msg_with(&id_key, &act_key_priv, timestamp, fixed_nonce_rng)
                 .unwrap()
         })
     });
-    let rng = &mut StdRng::seed_from_u64(SEED);
+    let rng = &mut SmallRng::seed_from_u64(SEED);
     let signed = msg
         .sign_msg_with(&id_key, &act_key_priv, timestamp, rng)
         .unwrap();
diff --git a/blahctl/Cargo.toml b/blahctl/Cargo.toml
index 30b9436..c45d363 100644
--- a/blahctl/Cargo.toml
+++ b/blahctl/Cargo.toml
@@ -8,7 +8,7 @@ anyhow = "1"
 clap = { version = "4", features = ["derive"] }
 ed25519-dalek = { version = "2", features = ["pkcs8", "pem", "rand_core"] }
 humantime = "2"
-rand08 = { package = "rand", version = "0.8" }
+rand = "0.9"
 reqwest = { version = "0.12", features = ["json"] }
 rusqlite = { version = "0.37", features = ["rusqlite-macros"] }
 serde_jcs = "0.1.0"
diff --git a/blahctl/src/main.rs b/blahctl/src/main.rs
index df9a3a2..ead5692 100644
--- a/blahctl/src/main.rs
+++ b/blahctl/src/main.rs
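Review bot: The name `fixed_nonce_rng` and the FIXME above it suggest the nonce is held constant, but `SmallRng::seed_from_u64(SEED)` yields a fresh value on every `b.iter` call, so only the sequence is deterministic, not the nonce; the removed `StepRng::new(1, 1)` had the same property. Rename it to match what it does, e.g. `let nonce_rng = &mut SmallRng::seed_from_u64(SEED);`, and reword the FIXME to `// FIXME: expose a signing entry point that takes the nonce explicitly, so the benchmark does not depend on RNG state.` `SmallRng` is a non-cryptographic generator, acceptable for a benchmark, but the fact that it is accepted here suggests `sign_msg_with` (defined outside this file) is not bounded on `CryptoRng`; if so, tightening that bound in the library would stop production callers from making the same substitution, and the bench could use the seedable `StdRng` instead. The verification half of `bench_msg_sign_verify` continues past the end of this hunk.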
@@ -9,8 +9,9 @@ use blah_types::{PubKey, SignExt, bitflags, get_timestamp};
 use clap::value_parser;
 use ed25519_dalek::pkcs8::spki::der::pem::LineEnding;
 use ed25519_dalek::pkcs8::{DecodePrivateKey, DecodePublicKey, EncodePrivateKey};
-use ed25519_dalek::{SigningKey, VerifyingKey};
+use ed25519_dalek::{SECRET_KEY_LENGTH, SigningKey, VerifyingKey};
 use humantime::Duration;
+use rand::TryRngCore;
 use reqwest::Url;
 use rusqlite::{Connection, named_params, prepare_and_bind};
 use tokio::runtime::Runtime;
@@ -352,7 +353,16 @@ fn main_id(cmd: IdCommand) -> Result<()> {
             id_key_file,
             id_url,
         } => {
-            let id_key_priv = SigningKey::generate(&mut rand08::rngs::OsRng);
+            // TODO: Should be `SigningKey::generate` but blocked on
+            // ed25519_dalek 3.0
+            // See:
+            let id_key_priv = {
+                let mut secret = [0u8; SECRET_KEY_LENGTH];
+                rand::rngs::OsRng
+                    .try_fill_bytes(&mut secret)
+                    .expect("failed to get random");
+                SigningKey::from_bytes(&secret)
+            };
             let id_key = PubKey::from(id_key_priv.verifying_key());
 
             let act_key_desc = UserActKeyDesc {
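Review bot: `.expect("failed to get random")` turns an OS RNG failure into a panic although `main_id` returns `Result<()>` and the crate already depends on `anyhow`; propagating it keeps the CLI's error path uniform, e.g. `.context("failed to read random bytes from the OS")?` in place of the `expect`, provided `anyhow::Context` is in scope (it is not among the imports visible in the first hunk, so it may need adding). The raw 32-byte seed also stays in the `secret` array after `SigningKey::from_bytes` copies it, and nothing clears that copy; `ed25519-dalek` 2 enables its `zeroize` feature by default, so zeroizing `secret` after the copy (or holding it in a `Zeroizing` wrapper) would close that gap, but `zeroize` would have to become a direct dependency and the feature set should be confirmed first. The new `// See:` comment carries no reference, while the removed `blah-types/Cargo.toml` line pointed to `https://github.com/dalek-cryptography/curve25519-dalek/issues/731`, presumably the same blocker; restoring that link keeps the TODO actionable.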