"Michael C. Richardson" <mcr@sandelman.ottawa.on.ca> writes:

>   The upshot of this is that /dev/random becomes non-exportable.

dns-sec is exportable, and includes rsa. remember any secure hash
algorithm can be trivially turned into stream-cipher etc. the whole
export issue is a farse and should never be considered anything else.