Index: usr/auth.c
===================================================================
--- usr/auth.c	(revision 713)
+++ usr/auth.c	(working copy)
@@ -28,6 +28,8 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
 
 #include "auth.h"
 #include "initiator.h"
@@ -186,20 +188,32 @@
 
 	long r;
         unsigned n;
+	int fd;
 
+	fd = open("/dev/urandom", O_RDONLY);
         while (length > 0) {
 
-                r = rand();
+		if (fd)
+			read(fd, &r, sizeof(long));
+		else
+			r = rand();
                 r = r ^ (r >> 8);
                 r = r ^ (r >> 4);
                 n = r & 0x7;
 
-                r = rand();
+		if (fd)
+			read(fd, &r, sizeof(long));
+		else
+			r = rand();
                 r = r ^ (r >> 8);
                 r = r ^ (r >> 5);
                 n = (n << 3) | (r & 0x7);
 
-                r = rand();
+		if (fd)
+			read(fd, &r, sizeof(long));
+		else
+			r = rand();
+
                 r = r ^ (r >> 8);
                 r = r ^ (r >> 5);
                 n = (n << 2) | (r & 0x3);
@@ -207,6 +221,8 @@
                 *data++ = n;
                 length--;
         }
+	if (fd)
+		close(fd);
 }
 
 /**
Index: usr/chap.c
===================================================================
--- usr/chap.c	(revision 713)
+++ usr/chap.c	(working copy)
@@ -324,6 +324,7 @@
 	char text[CHAP_CHALLENGE_MAX * 2 + 8];
 	static int chap_id;
 	int i;
+	int fd;
 
 	value = text_key_find(conn, "CHAP_A");
 	if (!value)
@@ -353,7 +354,8 @@
 	 * wise, or should we rather always use the max. allowed length of
 	 * 1024 for the (unencoded) challenge?
 	 */
-	conn->auth.chap.challenge_size = (rand() % (CHAP_CHALLENGE_MAX / 2)) + CHAP_CHALLENGE_MAX / 2;
+	conn->auth.chap.challenge_size = (sizeof(int) % (CHAP_CHALLENGE_MAX / 2)) +
+	    CHAP_CHALLENGE_MAX / 2;
 
 	conn->auth.chap.challenge = xmalloc(conn->auth.chap.challenge_size);
 	if (!conn->auth.chap.challenge)
@@ -362,11 +364,21 @@
 	p = text;
 	strcpy(p, "0x");
 	p += 2;
+
+	fd = open("/dev/urandom", O_RDONLY);
+	if (fd) {
+		read(fd, conn->auth.chap.challenge, 
+		     sizeof(int) * conn->auth.chap.challenge_size);
+	}
+
 	for (i = 0; i < conn->auth.chap.challenge_size; i++) {
-		conn->auth.chap.challenge[i] = rand();
+		if (!fd) {
+			conn->auth.chap.challenge[i] = rand();
+		}
 		sprintf(p, "%.2hhx", conn->auth.chap.challenge[i]);
 		p += 2;
 	}
+	if (fd) close(fd);
 	text_key_add(conn, "CHAP_C",  text);
 
 	return 0;
