On 2014-01-29 12:09, John Kelsey wrote: > Unfortunately, pretty much all real-world systems > have some time (often very soon after their > first startup) when they have to generate some high value key. Don't do that. Should not even be possible to do that. By the time boot up process is otherwise complete, should have enough entropy.