It was (2), they didn't wait.
Come on -- every one of these devices is some distribution of Linux that comes
with a stripped-down kernel and Busybox. It's got stripped-down startup, and no
one thought that it couldn't have enough entropy. These are *network* people,
not crypto people, and the distribution didn't have a module to handle
initial-boot entropy generation.
Period, that's it. It's not malice, it's not even stupidity, it's just
ignorance.
The answer to "what were they thinking?" is almost always "they weren't."
Jon
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
