diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
index 5d4e5ec..e476494 100644
--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "fips203-fuzz"
-version = "0.2.1"
+version = "0.4.0"
 publish = false
 edition = "2021"
 rust-version = "1.70"
diff --git a/fuzz/README.md b/fuzz/README.md
index 632a562..37ec47e 100644
--- a/fuzz/README.md
+++ b/fuzz/README.md
@@ -13,13 +13,14 @@ $ mkdir -p corpus/fuzz_all
 $ dd if=/dev/zero bs=1 count=3328 > corpus/fuzz_all/seed0
 $ for i in $(seq 1 2); do head -c 3328 </dev/urandom > corpus/fuzz_all/seed$i; done
 $ dd if=/dev/zero bs=1 count=3328 | tr '\0x00' '\377' > corpus/fuzz_all/seed3
-$ cargo fuzz run fuzz_all -j 4
+$ cargo fuzz run fuzz_all -j 4 -- -max_total_time=1000
 ~~~
 
-Coverage status of ml_kem_512 is robust, see:
+Coverage status of ml_kem_512 is robust (run last step above twice), see:
 
 ~~~
-#30756: cov: 7503 ft: 5982 corp: 73 exec/s 9 oom/timeout/crash: 0/0/0 time: 960s job: 84 dft_time: 0
+#60523: cov: 5990 ft: 4165 corp: 65 exec/s 16 oom/timeout/crash: 0/0/0 time: 982s job: 85 dft_time: 0
+
 
 # Warning: the following tools are tricky to install/configure
 $ cargo install cargo-cov
diff --git a/fuzz/fuzz_targets/fuzz_all.rs b/fuzz/fuzz_targets/fuzz_all.rs
index c19994d..1b14351 100644
--- a/fuzz/fuzz_targets/fuzz_all.rs
+++ b/fuzz/fuzz_targets/fuzz_all.rs
@@ -90,7 +90,9 @@ fuzz_target!(|data: [u8; 3328]| {
     let dk2 = ml_kem_512::DecapsKey::try_from_bytes(dk2_bytes.try_into().unwrap());
 
     // Fuzz input -> `KG::validate_keypair_vartime()`
-    let _ok = ml_kem_512::KG::validate_keypair_vartime(
+    rng.push(&data[start..start + RND_SIZE]); // reuse for the moment; TODO 'expand'
+    let _ok = ml_kem_512::KG::validate_keypair_with_rng_vartime(
+        &mut rng,
         &ek2_bytes.try_into().unwrap(),
         &dk2_bytes.try_into().unwrap(),
     );