Comment: Re:Why does this happen? (Score 1) 40

by Magada (#39058071) Attached to: Factorable Keys: Twice As Many, But Half As Bad

It gets worse. OpenSSL also retrieves uptime and mixes it with what it gets from /dev/urandom, iirc. Of course, uptime is not as random as all that, especially on embedded devices. Let's say you write a script that generates a key on first boot. That boot is going to take the exact same amount of time on all identical devices and there is precious little entropy to work with. Oops.

Comment: Re:Why does this happen? (Score 5, Informative) 40

by Magada (#39046043) Attached to: Factorable Keys: Twice As Many, But Half As Bad

If you have a shit pseudo entropy generator, the keys you generate will be easy to factor because they will share one common prime factor (recall that key security depends on the computational intractability of factoring large numbers). This is called a related-key attack and has (so far) been responsible only for the demise of WEP.

As it turns out, OpenSSH/SSL has a shit PRNG which makes private keys generated with it recoverable using only the public keys, in some implementations and usage scenarios. Together, these amount to 0.4% of ALL public keys currently available on the open 'Net.
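As an added illustration (not code from Magada's comments or from the papers they discuss): a pairwise-GCD audit over a constructed set of RSA public moduli, showing that two keys which share a prime are both factored from public data alone, while keys with no shared prime are untouched. The device names and the small well-known primes standing in for real key factors are constructed for the example.

```python
from math import gcd
from itertools import combinations

# Constructed toy fleet (not real keys): four devices generated RSA keys, but
# the weak RNG on the first two produced the same prime p.  Small, well-known
# primes stand in for 1024-bit ones so the numbers stay readable.
SHARED_P = 1000000007
TOY_KEYS = {
    "device-a": SHARED_P * 65521,
    "device-b": SHARED_P * 104729,
    "device-c": 2147483647 * 65537,
    "device-d": 1000000009 * 998244353,
}
PUBLIC_EXPONENT = 65537


def find_shared_factors(moduli):
    """Pairwise-GCD audit over a set of RSA public moduli.

    Returns {name: (p, q)} for every modulus that shares a prime with another
    modulus in the set.  Keys with no shared prime cannot be factored this way
    and are absent from the result.  (Fleet-scale audits use a product-tree
    batch GCD instead of this O(n^2) loop; the principle is the same.)
    """
    factored = {}
    for (name_x, n_x), (name_y, n_y) in combinations(moduli.items(), 2):
        g = gcd(n_x, n_y)
        if g == 1 or g == n_x or g == n_y:
            continue  # coprime moduli, or the very same key twice: no split
        factored[name_x] = (g, n_x // g)
        factored[name_y] = (g, n_y // g)
    return factored


def recover_private_exponent(p, q, e=PUBLIC_EXPONENT):
    """Once p and q are known, the RSA private exponent follows directly."""
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)  # modular inverse (Python 3.8+)


def audit(moduli):
    """Return {name: d} for every key in `moduli` whose private key is exposed."""
    return {name: recover_private_exponent(p, q)
            for name, (p, q) in find_shared_factors(moduli).items()}


if __name__ == "__main__":
    for name, d in audit(TOY_KEYS).items():
        print(f"{name}: private exponent recovered from public moduli: d={d}")
```

Running the audit over your own fleet's public keys (exported moduli only) is the defensive use: any key the function returns must be rotated.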

Comment: Re:This needs a car analogy! (Score 1) 108

by Magada (#39045693) Attached to: 99.8% Security For Real-World Public Keys

It was a real risk, the design was flawed, the fuel tank was prone to catching fire upon the car being struck from the rear (just backing into a wall at more than walking speed was enough, really). But what inflamed the public was the unveiling of a rather cold-hearted financial risk calculation (a recall would cost X dollars, lawsuits from deaths and damage incurred will cost Y dollars over the model's lifetime, Y no recall).

Interestingly enough, the company was forced to do a recall and the ultimate cost to them (including fines) turned out to be (iirc) almost exactly X+Y. Yay for accurate accounting and superb risk analysis, I guess.
