The entropy source they currently have is a placeholder LFSR source, which is well known to be insecure.
If we can get away with using a few op-amps, I quite like the infinite noise HW entropy source:
I've built a similar circuit on a breadboard before and it works quite well, though didn't test the entropy quality since I didn't connect it to a computer.
It has the nice features of not being finicky (unlike quite a lot of other entropy sources) as well as not breaking down when there is a lot of environmental noise (perhaps from an attacker).
interesting, i think my friend phil has used something like this, for a better
source than /dev/random, for GPG and VPN usage. i've designed cryptographic
algorithms so know how to test them to make sure they're indistinguishable
from white noise (dieharder, CSRC's STS)