yeah, we've seen those. the problem is that we intentionally try to stick with the distrib
kernel so we don't end up recompiling kernels every time there's a new security patch...
the alternatives are to compile our own cyrus with the magic flag telling it to use
/dev/urandom (same problem as above, plus we'd have to recompile apache, openvpn, ...), or
hack on udev to make it create a /dev/random which is actually /dev/urandom... couldn't
convince udev to do that reliably though.
rngd seems to do the trick as a userspace workaround. it's main purpose is supposed to be
pulling entropy from hardware addons, but it seems to be pretty common to use it the way we do