* Andrew Suffield: > The security of the session is limited by the randomness of the > weakest key used. If you're going to use /dev/urandom then you might > as well just not encrypt the session at all. Could you provide some rationale for this claim, preferably based on the kernel code which implements /dev/urandom?