Ben Laurie has a great post on it here: http://www.links.org/?p=327
He does lay it on a bit thick though... Uninitialized data is not random. Using it the way
OpenSSL does just seems silly.
This is completely Debian's fault of course, but it would not have happened if OpenSSL didn't
leave its bizarro code obscure and undocumented.