diff --git a/Cargo.lock b/Cargo.lock index 7feb745..511685a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -151,6 +151,12 @@ version = "0.21.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" +[[package]] +name = "base64" +version = "0.22.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9475866fec1451be56a3c2400fd081ff546538961565ccb5b7142cbd22bc7a51" + [[package]] name = "base64ct" version = "1.6.0" @@ -1047,7 +1053,7 @@ checksum = "b06a4cde4c0f271a446782e3eff8de789548ce57dbc8eca9292c27f4a42004b4" name = "lox-distributor" version = "0.1.0" dependencies = [ - "base64", + "base64 0.21.7", "chrono", "clap", "futures", @@ -1076,7 +1082,7 @@ name = "lox-library" version = "0.1.0" dependencies = [ "aes-gcm", - "base64", + "base64 0.21.7", "bincode", "chrono", "curve25519-dalek", @@ -1131,8 +1137,10 @@ dependencies = [ name = "lox_utils" version = "0.1.0" dependencies = [ + "base64 0.22.0", "chrono", "lox-library", + "rand 0.8.5", "serde", "serde_json", "serde_with", @@ -1770,7 +1778,7 @@ version = "0.11.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cde824a14b7c14f85caff81225f411faacc04a2013f41670f41443742b1c1c55" dependencies = [ - "base64", + "base64 0.21.7", "bytes", "encoding_rs", "futures-core", @@ -1930,7 +1938,7 @@ version = "3.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ee80b0e361bbf88fd2f6e242ccd19cfda072cb0faa6ae694ecee08199938569a" dependencies = [ - "base64", + "base64 0.21.7", "chrono", "hex", "indexmap 1.9.3", diff --git a/crates/lox-distributor/src/request_handler.rs b/crates/lox-distributor/src/request_handler.rs index 827baa1..53dd0a2 100644 --- a/crates/lox-distributor/src/request_handler.rs +++ b/crates/lox-distributor/src/request_handler.rs 
@@ -73,15 +73,9 @@ mod tests { use super::*; - use base64::{engine::general_purpose, Engine as _}; use chrono::{Duration, Utc}; use julianday::JulianDay; - use lox_library::{ - bridge_table::{self, BridgeLine}, - cred::BucketReachability, - proto, BridgeAuth, BridgeDb, - }; - use rand::RngCore; + use lox_library::{bridge_table, cred::BucketReachability, proto, BridgeAuth, BridgeDb}; use std::sync::{Arc, Mutex}; trait LoxClient { @@ -225,13 +219,21 @@ mod tests { // Make 3 x num_buckets open invitation bridges, in sets of 3 for _ in 0..5 { - let bucket = [random(), random(), random()]; + let bucket = [ + lox_utils::random(), + lox_utils::random(), + lox_utils::random(), + ]; let _ = lox_auth.add_openinv_bridges(bucket, &mut bridgedb); } // Add hot_spare more hot spare buckets for _ in 0..5 { - let bucket = [random(), random(), random()]; + let bucket = [ + lox_utils::random(), + lox_utils::random(), + lox_utils::random(), + ]; let _ = lox_auth.add_spare_bucket(bucket, &mut bridgedb); } // Create the encrypted bridge table 
@@ -279,37 +281,6 @@ mod tests { } } - pub fn random() -> BridgeLine { - let mut rng = rand::thread_rng(); - let mut res: BridgeLine = BridgeLine::default(); - // Pick a random 4-byte address - let mut addr: [u8; 4] = [0; 4]; - rng.fill_bytes(&mut addr); - // If the leading byte is 224 or more, that's not a valid IPv4 - // address. Choose an IPv6 address instead (but don't worry too - // much about it being well formed). - if addr[0] >= 224 { - rng.fill_bytes(&mut res.addr); - } else { - // Store an IPv4 address as a v4-mapped IPv6 address - res.addr[10] = 255; - res.addr[11] = 255; - res.addr[12..16].copy_from_slice(&addr); - }; - let ports: [u16; 4] = [443, 4433, 8080, 43079]; - let portidx = (rng.next_u32() % 4) as usize; - res.port = ports[portidx]; - res.uid_fingerprint = rng.next_u64(); - let mut cert: [u8; 52] = [0; 52]; - rng.fill_bytes(&mut cert); - let infostr: String = format!( - "obfs4 cert={}, iat-mode=0", - general_purpose::STANDARD_NO_PAD.encode(cert) - ); - res.info[..infostr.len()].copy_from_slice(infostr.as_bytes()); - res - } - // This should only be used for testing, use today in production fn test_today(days: i64) -> u32 { let naive_now_plus = (Utc::now() + Duration::days(days)).date_naive(); diff --git a/crates/lox-utils/Cargo.toml b/crates/lox-utils/Cargo.toml index 5fa4755..21d6d99 100644 --- a/crates/lox-utils/Cargo.toml +++ b/crates/lox-utils/Cargo.toml @@ -12,8 +12,10 @@ categories = ["rust-patterns"] repository = "https://gitlab.torproject.org/tpo/anti-censorship/lox.git/" [dependencies] +base64 = "0.22.0" chrono = { version = "0.4.38", features = ["serde", "clock"] } lox-library = {path = "../lox-library", version = "0.1.0"} +rand = "0.8.5" serde = "1" serde_json = "1.0.113" serde_with = "3.7.0" diff --git a/crates/lox-utils/src/lib.rs b/crates/lox-utils/src/lib.rs index 20b24cc..c413aca 100644 --- a/crates/lox-utils/src/lib.rs +++ b/crates/lox-utils/src/lib.rs 
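Review bot: `base64 = "0.22.0"` in lox-utils' `[dependencies]` puts a second base64 release into the build, because the Cargo.lock hunks of this same commit show lox-distributor and lox-library still resolving to 0.21.7. Two copies of the same crate mean two versions to audit and keep patched; either align the requirement with the rest of the workspace (`base64 = "0.21.7"`) or bump the other crates in the same change. As far as this diff shows, `base64` and `rand` are needed only by the relocated `random()` helper, so they become regular dependencies of every lox-utils consumer for the sake of test code. Marking both `optional = true` behind a test-only cargo feature would keep them out of production builds.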
@@ -1,3 +1,4 @@ +use base64::{engine::general_purpose, Engine as _}; use chrono::{DateTime, Utc}; use lox_library::bridge_table::{ from_scalar, BridgeLine, BridgeTable, EncryptedBucket, MAX_BRIDGES_PER_BUCKET, @@ -5,6 +6,7 @@ use lox_library::bridge_table::{ use lox_library::cred::{BucketReachability, Invitation, Lox}; use lox_library::proto::{self, check_blockage, level_up, trust_promotion}; use lox_library::{IssuerPubKey, OPENINV_LENGTH}; +use rand::RngCore; use serde::{Deserialize, Serialize}; use serde_with::serde_as; use std::array::TryFromSliceError; @@ -154,3 +156,34 @@ pub fn calc_test_days(trust_level: i64) -> i64 { // } total } + +pub fn random() -> BridgeLine { + let mut rng = rand::thread_rng(); + let mut res: BridgeLine = BridgeLine::default(); + // Pick a random 4-byte address + let mut addr: [u8; 4] = [0; 4]; + rng.fill_bytes(&mut addr); + // If the leading byte is 224 or more, that's not a valid IPv4 + // address. Choose an IPv6 address instead (but don't worry too + // much about it being well formed). + if addr[0] >= 224 { + rng.fill_bytes(&mut res.addr); + } else { + // Store an IPv4 address as a v4-mapped IPv6 address + res.addr[10] = 255; + res.addr[11] = 255; + res.addr[12..16].copy_from_slice(&addr); + }; + let ports: [u16; 4] = [443, 4433, 8080, 43079]; + let portidx = (rng.next_u32() % 4) as usize; + res.port = ports[portidx]; + res.uid_fingerprint = rng.next_u64(); + let mut cert: [u8; 52] = [0; 52]; + rng.fill_bytes(&mut cert); + let infostr: String = format!( + "obfs4 cert={}, iat-mode=0", + general_purpose::STANDARD_NO_PAD.encode(cert) + ); + res.info[..infostr.len()].copy_from_slice(infostr.as_bytes()); + res +}
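Review bot: `pub fn random()` at the end of lib.rs used to be private to `mod tests` in request_handler.rs and is now an undocumented public item of lox-utils, so nothing tells a caller that the `BridgeLine` it returns is fabricated (random address, random cert bytes, one of four fixed ports). Add a doc comment such as `/// Test helper: returns a BridgeLine filled with random, non-functional data; never use it for real bridge distribution.` and consider a name that says what it produces, e.g. `random_bridgeline`, with the two test call sites updated to match. Gating it behind a cargo feature would keep it out of the API that production builds see. The copy `res.info[..infostr.len()]` panics if the formatted string is ever longer than `info`, whose size is not visible in this diff, so a one-line comment stating why it fits would help the next reader.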