It was (2), they didn't wait. Come on -- every one of these devices is some distribution of Linux that comes with a stripped-down kernel and Busybox. It's got stripped-down startup, and no one thought that it couldn't have enough entropy. These are *network* people, not crypto people, and the distribution didn't have a module to handle initial-boot entropy generation.
Period, that's it. It's not malice, it's not even stupidity, it's just ignorance. The answer to "what were they thinking?" is almost always "they weren't." Jon _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography