Can anyone dumb it down for me why you would need to format the first and last byte of a random number to properly generate a Curve25519 private key, as noted in the 'Computing secret keys' section of http://cr.yp.to/ecdh.html#curve25519-paper?
Computing secret keys. Inside your program, to generate a 32-byte Curve25519 secret key, start by generating 32 secret random bytes from a cryptographically safe source: mysecret[0], mysecret[1], ..., mysecret[31]. Then do
mysecret[0] &= 248; mysecret[31] &= 127; mysecret[31] |= 64;
mysecret[0] &= 248 = 0b1111 1000...setting three lsb's to 0 to ensure multiple of 8?
mysecret[31] &= 127 = 0b0111 1111...setting the msb to 0 for?
mysecret[31] |= 64 = 0b0100 0000...setting the second msb to 1 for?
I must be missing some important note on this in RFC7748?
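The following is an added example, not part of the original post or of the cr.yp.to page: it applies the three quoted masks and checks what they do to the key when it is read as a little-endian integer. The function names `clamp`, `as_scalar` and `check` and the sample inputs are constructed for illustration.

```python
import os

def clamp(secret: bytes) -> bytes:
    """Apply the three masks from the quoted 'Computing secret keys' text."""
    if len(secret) != 32:
        raise ValueError("a Curve25519 secret key is exactly 32 bytes")
    k = bytearray(secret)
    k[0] &= 248    # clear bits 0..2: the scalar becomes a multiple of 8 (the curve's cofactor)
    k[31] &= 127   # clear bit 255: the scalar is below 2**255
    k[31] |= 64    # set bit 254: the scalar is at least 2**254, so the top set bit is fixed
    return bytes(k)

def as_scalar(key: bytes) -> int:
    """Curve25519 scalars are little-endian: byte 0 holds the lowest bits."""
    return int.from_bytes(key, "little")

def check(secret: bytes) -> dict:
    """Report the integer properties of the clamped key."""
    k = as_scalar(clamp(secret))
    return {
        "multiple_of_8": k % 8 == 0,
        "in_range": 2**254 <= k < 2**255,
        "bit_length": k.bit_length(),
        # every clamped scalar has the form 2**254 + 8*m with 0 <= m < 2**251
        "m": (k - 2**254) // 8,
    }

# Constructed sample inputs: the two extremes plus one random draw.
SAMPLES = {
    "all_zero": bytes(32),
    "all_ones": b"\xff" * 32,
    "random": os.urandom(32),
}

if __name__ == "__main__":
    for name, secret in SAMPLES.items():
        print(name, check(secret))
```

Whatever 32 bytes go in, the result is an integer of the form 2^254 + 8m, so 251 of the original 256 random bits remain free.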