Serious vulnerability found in elliptic curve PRNG - cryptographers freak out.
A major component of cryptographic systems are pseudorandom number generators used to pull values out of thin air for the purposes of generating session keys and the bignum components of crypto keys, among other things. This is done so that an eavesdropping attacker can't predict ahead of time what a particular key is going to be and decrypt traffic as it's transmitted. Another reason is that it's easier to generate a pseudorandom number and check it for certain properties all at once than it is to work up such a number by hand and check it against those properties every …
Read more...